Vulnerability Details CVE-2004-2486
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://matt.ucc.asn.au/dropbear/CHANGES
- http://secunia.com/advisories/12153
- http://secunia.com/advisories/28935
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
- http://www.osvdb.org/8137
- http://www.securityfocus.com/bid/10803
- http://www.vupen.com/english/advisories/2008/0543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40490
- http://matt.ucc.asn.au/dropbear/CHANGES
- http://secunia.com/advisories/12153
- http://secunia.com/advisories/28935
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
- http://www.osvdb.org/8137
- http://www.securityfocus.com/bid/10803
- http://www.vupen.com/english/advisories/2008/0543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40490
Products affected by CVE-2004-2486
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41
-
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42