[Full-disclosure] Re: Dropbear SSH server Denial of Service
- From: Matt Johnston <matt@xxxxxxxxxx>
- Date: Fri, 10 Mar 2006 15:20:31 +0800
On Tue, Mar 07, 2006 at 07:47:57PM +0000, Pablo Fernandez wrote:
> Dropbear SSH server Denial of Service
>
> The vulnerability specifically exists due to a design error in the
> authorization-pending connections code. By default and as a #define of
> the MAX_UNAUTH_CLIENTS constant, the SSH server allows 30
> authorization-pending connections; after connection 31, incoming sockets
> are close()d immediately.
>
> Remote attack of this vulnerability is trivial. This is especially
> problematic if the administrator can't log in due to the attack and can't
> at least blacklist the attacker, restart the service or undertake other
> actions.
>
> All versions (up to and including current 0.47 version) are vulnerable.

Dropbear 0.48 mitigates this issue by having a per-IP limit
as well as a global limit - this will at least prevent an
IP-deprived attacker from denying service.
It's worth noting that various other network services (such
as netkit-inetd and OpenSSH) have the same design issues, at
least in default configurations.
Matt Johnston
Dropbear developer
http://matt.ucc.asn.au/dropbear/dropbear.html
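
The two limits discussed in this message, modelled as an added example that is not part of the original post and is not Dropbear's code. `MAX_UNAUTH_CLIENTS` and its value 30 come from the quoted advisory; `PER_IP_LIMIT`, its value, the function names and the addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_UNAUTH_CLIENTS 30  /* global limit quoted in the advisory */
#define PER_IP_LIMIT 5         /* assumed value, not taken from the thread */

/* One slot per authorization-pending connection; 0 means free. */
struct pending { uint32_t ip[MAX_UNAUTH_CLIENTS]; };

/* Admit a new unauthenticated connection from `ip` (nonzero, host order).
 * per_ip_limit == 0 models a global limit only, as described for 0.47.
 * Returns the slot index, or -1 if the socket would be closed at once. */
int admit(struct pending *p, uint32_t ip, unsigned per_ip_limit)
{
    int free_slot = -1;
    unsigned same_ip = 0;
    for (int i = 0; i < MAX_UNAUTH_CLIENTS; i++) {
        if (p->ip[i] == 0) {
            if (free_slot < 0) free_slot = i;
        } else if (p->ip[i] == ip) {
            same_ip++;
        }
    }
    if (free_slot < 0) return -1;                           /* global limit hit */
    if (per_ip_limit && same_ip >= per_ip_limit) return -1; /* per-IP limit hit */
    p->ip[free_slot] = ip;
    return free_slot;
}

/* Release a slot once the client authenticates or disconnects. */
void release(struct pending *p, int slot)
{
    if (slot >= 0 && slot < MAX_UNAUTH_CLIENTS) p->ip[slot] = 0;
}

/* One source opens `attempts` pending connections, then a second
 * address (the administrator) connects. Returns 1 if admitted. */
int admin_gets_in(unsigned per_ip_limit, int attempts)
{
    struct pending p = {{0}};
    const uint32_t flooder = 0xC0000201; /* 192.0.2.1, constructed */
    const uint32_t admin   = 0xC6336407; /* 198.51.100.7, constructed */
    for (int i = 0; i < attempts; i++)
        admit(&p, flooder, per_ip_limit);
    return admit(&p, admin, per_ip_limit) >= 0;
}
```

With only the global limit, one address holding all 30 slots locks out every other client; with the per-IP limit the same source is capped and the table keeps free slots. Enough distinct source addresses can still fill the global table.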