Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-2486
Last Modified 07 Mar 2011 09:18:55
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2486

Summary

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.

Vulnerable Systems

Application

  • Matt Johnston Dropbear SSH Server 0.28
  • Matt Johnston Dropbear SSH Server 0.29
  • Matt Johnston Dropbear SSH Server 0.30
  • Matt Johnston Dropbear SSH Server 0.31
  • Matt Johnston Dropbear SSH Server 0.32
  • Matt Johnston Dropbear SSH Server 0.33
  • Matt Johnston Dropbear SSH Server 0.34
  • Matt Johnston Dropbear SSH Server 0.35
  • Matt Johnston Dropbear SSH Server 0.36
  • Matt Johnston Dropbear SSH Server 0.37
  • Matt Johnston Dropbear SSH Server 0.38
  • Matt Johnston Dropbear SSH Server 0.39
  • Matt Johnston Dropbear SSH Server 0.40
  • Matt Johnston Dropbear SSH Server 0.41
  • Matt Johnston Dropbear SSH Server 0.42


References

XF - dropbear-dss-code-execution(16810)

BID - 10803

OSVDB - 8137

SECUNIA - 12153

VUPEN - ADV-2008-0543

CONFIRM - http://matt.ucc.asn.au/dropbear/CHANGES

XF - cisco-unifiedipphone-ssh-bo(40490)

CISCO - 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities

SECUNIA - 28935


Last Updated: 27 May 2016 10:39:29