Lucene search
K

151 matches found

UbuntuCve
UbuntuCve
added 2013/10/25 11:55 p.m.16 views

CVE-2013-4421

The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service memory consumption via a compressed packet that has a large size when it is decompressed...

5CVSS5.9AI score0.06424EPSS
Exploits0References2
Prion
Prion
added 2013/10/25 11:55 p.m.27 views

Code injection

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...

5CVSS7AI score0.05749EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2013/10/25 11:0 p.m.20 views

CVE-2013-4421

The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service memory consumption via a compressed packet that has a large size when it is decompressed...

6.2AI score0.06424EPSS
Exploits0References10
CVE
CVE
added 2013/10/25 11:0 p.m.164 views

CVE-2013-4421

CVE-2013-4421 affects Dropbear SSH Server prior to 2013.59, where the buf_decompress function in packet.c can be exploited by a compressed packet with large size to cause a denial of service via memory exhaustion. Public references describe the impact as memory consumption and note fixes in later...

5CVSS6.3AI score0.06424EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2013/10/25 11:0 p.m.92 views

CVE-2013-4434

Dropbear SSH Server before 2013.59 is affected by CVE-2013-4434: authentication error messages reveal valid usernames via different delay depending on account existence. Public docs confirm the issue and cite a patch release (2013.60) that fixes this and related CVE-2013-4421; openSUSE/Mandriva a...

5CVSS6.5AI score0.05749EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2013/10/25 11:0 p.m.30 views

CVE-2013-4421

The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service memory consumption via a compressed packet that has a large size when it is decompressed...

5CVSS6.3AI score0.06424EPSS
Exploits0
Debian CVE
Debian CVE
added 2013/10/25 11:0 p.m.26 views

CVE-2013-4434

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...

5CVSS6.4AI score0.05749EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/10/22 12:0 a.m.699 views

Dropbear SSH Server < 2013.59 Multiple Vulnerabilities

According to its self-reported banner, the version of Dropbear SSH running on this port is earlier than 2013.59. As such, it is potentially affected by multiple vulnerabilities : - A denial of service vulnerability caused by the way the 'bufdecompress' function handles compressed files...

5CVSS5.4AI score0.06424EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/10/11 12:0 a.m.39 views

Dropbear SSH Memory Corruption Denial of Service and User Enumeration Weakness

Binary data 8026.prm...

5CVSS7.3AI score0.06424EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2013/09/18 12:0 a.m.23 views

Debian Security Advisory DSA 2456-1 (dropbear - use after free)

Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place. OpenVAS Vulnerability Test...

7.1CVSS0.5AI score0.06489EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.64 views

Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units

Note: In June I released a partial disclosure for just the RT-N66U on the issue of directory traversal. I have only heard back from ASUS a twice on the issue, and I understand they are working on a fix. However, no serious attempt to our knowledge has been made to warn their customers in the...

7.7AI score
Exploits0
NVD
NVD
added 2012/06/05 10:55 p.m.12 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS7.5AI score0.06489EPSS
Exploits0References9
OSV
OSV
added 2012/06/05 10:55 p.m.9 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS7.5AI score0.06489EPSS
Exploits0References9
Prion
Prion
added 2012/06/05 10:55 p.m.14 views

Design/Logic Flaw

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS8.1AI score0.06489EPSS
Exploits0References9Affected Software2
UbuntuCve
UbuntuCve
added 2012/06/05 10:55 p.m.44 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS7.5AI score0.06489EPSS
Exploits0References1
Cvelist
Cvelist
added 2012/06/05 10:0 p.m.29 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.4AI score0.06489EPSS
Exploits0References9
CVE
CVE
added 2012/06/05 10:0 p.m.135 views

CVE-2012-0920

Dropbear SSH Server 0.52–2012.54 is affected by a use-after-free (UAF) vulnerability when command restriction and public key authentication are enabled, exploitable by remote authenticated users via crafted command requests related to channels concurrency. Impact per sources includes arbitrary co...

7.1CVSS9.3AI score0.06489EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2012/06/05 10:0 p.m.61 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS9.6AI score0.06489EPSS
Exploits0
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.236 views

Dropbear SSH server use-after-free

No description provided...

7.1CVSS1.1AI score0.06489EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2008/06/05 12:0 a.m.52 views

Dropbear SSH &lt;= 0.34 Remote Root Exploit

No description provided by source. / Linux x86 Dropbear SSH = 0.34 remote root exploit coded by live You'll need a hacked ssh client to try this out. I included a patch to openssh-3.6.p1 somewhere below this comment. The point is: the buffer being exploited is too small25 bytes to hold our...

7.1AI score
Exploits0
Rows per page
Query Builder