CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 2CVE-2016-3116 – DropBearSSHD 2015.71 - Command Injection
https://notcve.org/view.php?id=CVE-2016-3116
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. Vulnerabilidad de inyección CRLF en Dropbear SSH en versiones anteriores a 2016.72 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de datos X11 manipulados. Dropbear sshd versions 2015.71 and below suffer from a command injection vulnerability via xauth. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. • https://www.exploit-db.com/exploits/40119 https://github.com/mxypoo/CVE-2016-3116-DropbearSSH http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179261.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179269.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179870.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00105.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00113.html http://packetstormsecurity.com/files/1362 •
CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 0CVE-2013-4421
https://notcve.org/view.php?id=CVE-2013-4421
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed. La función buf_decompress en packet.c en Dropbear SSH Server anterior a 2013.59 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de un paquete de gran tamaño al ser descomprimido. • http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html http://secunia.com/advisories/55173 http://www.openwall.com/lists/oss-security/2013/10/11/4 http://www.securityfocus.com/bid/62958 https://matt.ucc.asn.au/dropbear/CHANGES https://secure.ucc.a • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2013-4434
https://notcve.org/view.php?id=CVE-2013-4434
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames. Dropbear SSH Server anterior a 2013.59 genera mensajes de error durante un intento de inicio de sesión fallido con diferentes retardos de tiempo en función de si existe la cuenta de usuario, lo que permite a atacantes remotos para descubrir los nombres de usuario válidos. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html http://secunia.com/advisories/55173 http://www.openwall.com/lists/oss-security/2013/10/16/11 http://www.securityfocus.com/bid/62993 https://matt.ucc.asn.au/dropbear/CHANGES https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a https://support.citrix.com/article/CTX216642 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 47%CPEs: 36EXPL: 5CVE-2012-5975 – (SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-5975
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c. La característica SSH USERAUTH CHANGE REQUEST en SSH Tectia Server v6.0.4 hasta v6.0.20, v6.1.0 hasta v6.1.12, v6.2.0 hasta v6.2.5, y v6.3.0 hasta v6.3.2 en UNIX y Linux, cuando el estilo viejo de autenticación (old-style password authentication is) está activada, permite a atacantes remotos evitar la autenticación a través de una sesión manipulada que implica la entrada de contraseñas en blanco, como se demuestra por una sesión de login de root de un cliente OpenSSH modificados con una llamada adicional input_userauth_passwd_changereq en sshconnect2.c. • https://www.exploit-db.com/exploits/23082 https://www.exploit-db.com/exploits/23156 http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html http://www.exploit-db.com/exploits/23082 https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb https://seclists.org/fulldisclosure/2012/Dec/12 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/mod • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 1%CPEs: 3EXPL: 0CVE-2012-0920
https://notcve.org/view.php?id=CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency." Una vulnerabilidad de uso después de liberación vulnerabilidad en Dropbear SSH Server v0.52 a 2012.54 cuando la restricción de comandos y la autenticación de clave pública están habilitadas, lo permite a ejecutar código de su elección y eludir restricciones de comandos a usuarios remotos autenticados a través de múltiples peticiones hechas a mano, relacionados con la "concurrencia de canales." • http://matt.ucc.asn.au/dropbear/CHANGES http://secunia.com/advisories/48147 http://secunia.com/advisories/48929 http://www.debian.org/security/2012/dsa-2456 http://www.osvdb.org/79590 http://www.securityfocus.com/bid/52159 https://exchange.xforce.ibmcloud.com/vulnerabilities/73444 https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 https://www.mantor.org/~northox/misc/CVE-2012-0920.html • CWE-399: Resource Management Errors •