CVE-2012-0920
https://notcve.org/view.php?id=CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
• http://matt.ucc.asn.au/dropbear/CHANGES
• http://secunia.com/advisories/48147
• http://secunia.com/advisories/48929
• http://www.debian.org/security/2012/dsa-2456
• http://www.osvdb.org/79590
• http://www.securityfocus.com/bid/52159
• https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
• https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
• https://www.mantor.org/~northox/misc/CVE-2012-0920.html
• CWE-399: Resource Management Errors
CVE-2007-1099
https://notcve.org/view.php?id=CVE-2007-1099
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
• http://matt.ucc.asn.au/dropbear/CHANGES
• http://osvdb.org/33814
• http://secunia.com/advisories/24345
• http://www.osvdb.org/32088
• http://www.securityfocus.com/bid/22761
• http://www.vupen.com/english/advisories/2007/0785
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32762
CVE-2006-1206 – Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service
https://notcve.org/view.php?id=CVE-2006-1206
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.
• https://www.exploit-db.com/exploits/1572
• http://securitytracker.com/id?1015742
• http://www.securityfocus.com/archive/1/426999/100/0/threaded
• http://www.securityfocus.com/bid/17024
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25075
CVE-2005-4178
https://notcve.org/view.php?id=CVE-2005-4178
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
• http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html
• http://matt.ucc.asn.au/dropbear/dropbear.html
• http://secunia.com/advisories/18108
• http://secunia.com/advisories/18109
• http://secunia.com/advisories/18142
• http://www.debian.org/security/2005/dsa-923
• http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml
• http://www.securityfocus.com/bid/15923
• http://www.vupen.com/english/advisories/2005/2962
CVE-2004-2486
https://notcve.org/view.php?id=CVE-2004-2486
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
• http://matt.ucc.asn.au/dropbear/CHANGES
• http://secunia.com/advisories/12153
• http://secunia.com/advisories/28935
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
• http://www.osvdb.org/8137
• http://www.securityfocus.com/bid/10803
• http://www.vupen.com/english/advisories/2008/0543
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16810
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40490