Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1206 — Dropbear vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

12.2%

top 6.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dropbear SSH Project Dropbear SSH Debian Dropbear

Timeline

PublishedMar 14

Latest updateMay 1

Description

Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dropbear< dropbear 0.48-1 (bookworm)

▶Debiandropbear_ssh_project/dropbear_ssh< 0.48-1+3

▶NVDdropbear_ssh_project/dropbear_ssh0.47

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6979-j27r-h7g9: Matt Johnston Dropbear SSH server 0↗2022-05-01

▶

OSV

CVE-2006-1206: Matt Johnston Dropbear SSH server 0↗2006-03-14

▶

💥Exploits & PoCs

Exploit-DB

Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service↗2006-03-10

▶

📋Vendor Advisories

Debian

CVE-2006-1206: dropbear - Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux de...↗2006

▶