CVE-2006-1206 – Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service
https://notcve.org/view.php?id=CVE-2006-1206
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. • https://www.exploit-db.com/exploits/1572 http://securitytracker.com/id?1015742 http://www.securityfocus.com/archive/1/426999/100/0/threaded http://www.securityfocus.com/bid/17024 https://exchange.xforce.ibmcloud.com/vulnerabilities/25075 •
CVE-2005-4178
https://notcve.org/view.php?id=CVE-2005-4178
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. • http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html http://matt.ucc.asn.au/dropbear/dropbear.html http://secunia.com/advisories/18108 http://secunia.com/advisories/18109 http://secunia.com/advisories/18142 http://www.debian.org/security/2005/dsa-923 http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml http://www.securityfocus.com/bid/15923 http://www.vupen.com/english/advisories/2005/2962 •
CVE-2004-2486
https://notcve.org/view.php?id=CVE-2004-2486
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access. • http://matt.ucc.asn.au/dropbear/CHANGES http://secunia.com/advisories/12153 http://secunia.com/advisories/28935 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml http://www.osvdb.org/8137 http://www.securityfocus.com/bid/10803 http://www.vupen.com/english/advisories/2008/0543 https://exchange.xforce.ibmcloud.com/vulnerabilities/16810 https://exchange.xforce.ibmcloud.com/vulnerabilities/40490 •