
CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information; CWE-354: Improper Validation of Integrity Check Value

CVE-2021-36369 – Ubuntu Security Notice USN-7292-1
https://notcve.org/view.php?id=CVE-2021-36369
12 Oct 2022 — An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. • https://github.com/mkj/dropbear/pull/128 • CWE-287: Improper Authentication

CVE-2020-36254
https://notcve.org/view.php?id=CVE-2020-36254
25 Feb 2021 — scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. • https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff

CVE-2017-2659
https://notcve.org/view.php?id=CVE-2017-2659
20 Mar 2019 — It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659 • CWE-209: Generation of Error Message Containing Sensitive Information; CWE-287: Improper Authentication

CVE-2018-15599
https://notcve.org/view.php?id=CVE-2018-15599
21 Aug 2018 — The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. • http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2017-9078
https://notcve.org/view.php?id=CVE-2017-9078
19 May 2017 — The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. • http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html • CWE-415: Double Free

CVE-2017-9079
https://notcve.org/view.php?id=CVE-2017-9079
19 May 2017 — Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. • http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2016-7406 – DiCal-RED 4009 Outdated Third Party Components
https://notcve.org/view.php?id=CVE-2016-7406
21 Feb 2017 — Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. Multiple vulnerabilities have been found in Dropbear, the worst of which allows remo... • http://www.openwall.com/lists/oss-security/2016/09/15/2 • CWE-20: Improper Input Validation

CVE-2016-7409 – Gentoo Linux Security Advisory 201702-23
https://notcve.org/view.php?id=CVE-2016-7409
21 Feb 2017 — The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. Multiple vulnerabilities have been found in Dropbear, the worst of which allows remote attac... • http://www.openwall.com/lists/oss-security/2016/09/15/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-7407 – Gentoo Linux Security Advisory 201702-23
https://notcve.org/view.php?id=CVE-2016-7407
21 Feb 2017 — The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. Multiple vulnerabilities have been found in Dropbear, the worst of which allows remote attackers to execute arbitrary code. Versions less than 2016.74 are affected. • http://www.openwall.com/lists/oss-security/2016/09/15/2 • CWE-20: Improper Input Validation