ID CVE-2007-1099
Summary dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 22761
confirm http://matt.ucc.asn.au/dropbear/CHANGES
osvdb
  • 32088
  • 33814
secunia 24345
vupen ADV-2007-0785
xf dropbear-hostkey-weak-security(32762)
Last major update 30-10-2018 - 16:28
Published 26-02-2007 - 17:28
Last modified 30-10-2018 - 16:28
Back to Top