Debian Dropbear vulnerabilities

24 known vulnerabilities affecting debian/dropbear.

Total CVEs: 24
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 8, LOW 9

Vulnerabilities

Page 2 of 2
CVE-2006-1206 | MEDIUM | CVSS 5.0 | PoC | fixed in dropbear 0.48-1 (bookworm) | 2006
CVE-2006-1206 [MEDIUM] dropbear - Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.
Scope: local
bookworm: resolved (fixed in 0.48-1)
bullseye
debian
CVE-2006-0225 | LOW | CVSS 4.6 | fixed in dropbear 0.48-1 (bookworm) | 2006
CVE-2006-0225 [MEDIUM] dropbear - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Scope: local
bookworm: resolved (fixed in 0.48-1)
bullseye: resolved (fixed in 0.48-1)
forky: resolved (fixed in 0.48-1)
sid: resolved (fixed in 0.48-1)
trixie: resolved (fixed in 0.48-1)
debian
CVE-2005-4178 | HIGH | CVSS 6.5 | fixed in dropbear 0.47-1 (bookworm) | 2005
CVE-2005-4178 [MEDIUM] dropbear - Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
Scope: local
bookworm: resolved (fixed in 0.47-1)
bullseye: resolved (fixed in 0.47-1)
forky: resolved (fixed in
debian
CVE-2004-2486 | HIGH | CVSS 7.5 | fixed in dropbear 0.43-2 (bookworm) | 2004
CVE-2004-2486 [HIGH] dropbear - The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Scope: local
bookworm: resolved (fixed in 0.43-2)
bullseye: resolved (fixed in 0.43-2)
forky: resolved (fixed in 0.43-2)
sid: resolved (fixed in 0.43-2)
trixie: resolved (fixed in 0.43-2)
debian
Debian Dropbear vulnerabilities | cvebase