On Tue, Mar 07, 2006 at 07:47:57PM +0000, Pablo Fernandez wrote: > Dropbear SSH server Denial of Service > The vulnerability specifically exists due to a design error in the > authorization-pending connections code. By default and as a #define of > the MAX_UNAUTH_CLIENTS constant, the SSH server allows 30 > authorization-pending connections, after connection 31, incoming sockets > are close()d immediatly. > Remote attack of this vulnerability is trivial. This is specially > problematic if the administrator can't login due to the attack and can't > at least blacklist the attacker, restart the service or undertake other > actions. > All versions (up to and including current 0.47 version) are vulnerable. Dropbear 0.48 mitigates this issue by having a per-IP limit as well as a global limit - this will at least prevent an IP-deprived attacker from denying service. It's worth noting that various other network services (such as netkit-inetd and OpenSSH) have the same design issues, at least in default configurations. Matt Johnston Dropbear developer http://matt.ucc.asn.au/dropbear/dropbear.html
