lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060310072030.GH24032@ucc.gu.uwa.edu.au>
Date: Fri Mar 10 16:55:16 2006
From: matt at ucc.asn.au (Matt Johnston)
Subject: Re: Dropbear SSH server Denial of Service

On Tue, Mar 07, 2006 at 07:47:57PM +0000, Pablo Fernandez wrote:
> Dropbear SSH server Denial of Service

> The vulnerability specifically exists due to a design error in the
> authorization-pending connections code. By default and as a #define of
> the MAX_UNAUTH_CLIENTS constant, the SSH server allows 30
> authorization-pending connections, after connection 31, incoming sockets
> are close()d immediatly.

> Remote attack of this vulnerability is trivial. This is specially
> problematic if the administrator can't login due to the attack and can't
> at least blacklist the attacker, restart the service or undertake other
> actions.
> All versions (up to and including current 0.47 version) are vulnerable.

Dropbear 0.48 mitigates this issue by having a per-IP limit
as well as a global limit - this will at least prevent an
IP-deprived attacker from denying service.

It's worth noting that various other network services (such
as netkit-inetd and OpenSSH) have the same design issues, at
least in default configurations.

Matt Johnston
Dropbear developer
http://matt.ucc.asn.au/dropbear/dropbear.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ