CVE-2007-1099
Published 2007-02-26
Priority: P429 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.10% (79.4th percentile)
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dropbear | < dropbear 0.49-1 (bookworm) | dropbear 0.49-1 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | < 0.49 | 0.49 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.49-1 | 0.49-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.49-1 | 0.49-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.49-1 | 0.49-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.49-1 | 0.49-1 |
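CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |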
Debian
CVE-2007-1099: dropbear - dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user ...
vendor_debian·2007·CVSS 7.5
CVE-2007-1099 [HIGH] CVE-2007-1099: dropbear - dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user ...
Scope: local
bookworm: resolved (fixed in 0.49-1)
bullseye: resolved (fixed in 0.49-1)
forky: resolved (fixed in 0.49-1)
sid: resolved (fixed in 0.49-1)
trixie: resolved (fixed in 0.49-1)
GHSA
GHSA-4qp5-f859-rjjf: dbclient in Dropbear SSH client before 0
ghsa_unreviewed·2022-05-01
CVE-2007-1099 [HIGH] GHSA-4qp5-f859-rjjf: dbclient in Dropbear SSH client before 0
OSV
CVE-2007-1099: dbclient in Dropbear SSH client before 0
osv·2007-02-26·CVSS 7.5
CVE-2007-1099 [HIGH] CVE-2007-1099: dbclient in Dropbear SSH client before 0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://matt.ucc.asn.au/dropbear/CHANGES
http://osvdb.org/33814
http://secunia.com/advisories/24345
http://www.osvdb.org/32088
http://www.securityfocus.com/bid/22761
http://www.vupen.com/english/advisories/2007/0785
https://exchange.xforce.ibmcloud.com/vulnerabilities/32762
2007-02-26
Published