CVE-2013-4421: Dropbear SSH Decompress DoS Vulnerability - Connect IT Community | Kaseya
<main> <article class="userContent">
<h3 data-id="cve-id"><strong>CVE ID</strong></h3>
<p>CVE-2013-4421</p>
<h3 data-id="description"><strong>DESCRIPTION</strong></h3>
<p>The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.<br><br>Unitrends assessment: NOT EXPOSED<br><br>The Dropbear SSH server is a separate package from openssh-server. Our CentOS installations use the openssh-server package, not Dropbear.</p>
<h3 data-id="resolution"><strong>RESOLUTION</strong></h3>
<p>Fixed in the dropbear-2013.59-1.el6 package from the Fedora EPEL repository.</p>
<h3 data-id="link-to-advisories"><strong>LINK TO ADVISORIES</strong></h3>
<ul><li><a rel="nofollow" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4421">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4421</a></li></ul>
</article> </main>
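The bug class in the description, shown as an added Python example (not Dropbear's code and not part of the original advisory): a receiver that inflates each packet with no output limit, next to one that caps the inflated size. The names PacketInflater and MAX_PAYLOAD, the 32768-byte cap and the sample payloads are assumptions made for this example.

```python
import zlib

# Assumed cap for this example; use the protocol's maximum payload size.
MAX_PAYLOAD = 32768


class PayloadTooLarge(Exception):
    """The packet inflates past the cap; the connection should be dropped."""


class PacketInflater:
    """Inflates packets from one long-lived zlib stream, as SSH does
    (RFC 4253 section 6.2: the context is carried from packet to packet)."""

    def __init__(self, limit=MAX_PAYLOAD):
        self.limit = limit
        self._z = zlib.decompressobj()

    def inflate_unbounded(self, packet):
        # Vulnerable pattern: the output size is whatever the sender chooses.
        return self._z.decompress(packet)

    def inflate(self, packet):
        # Ask zlib for at most limit + 1 bytes. Receiving that extra byte
        # proves the packet is over the cap without allocating the full output.
        out = self._z.decompress(packet, self.limit + 1)
        if len(out) > self.limit:
            raise PayloadTooLarge(f"packet inflates past {self.limit} bytes")
        return out


def make_packets(payloads):
    """Constructed sender side: one zlib stream, sync-flushed per packet."""
    z = zlib.compressobj()
    return [z.compress(p) + z.flush(zlib.Z_SYNC_FLUSH) for p in payloads]


def demo():
    # Constructed sample input: a normal payload, then 8 MiB of zero bytes.
    small, huge = b"ssh-userauth", bytes(8 * 1024 * 1024)
    first, second = make_packets([small, huge])
    rx = PacketInflater()
    ok = rx.inflate(first)
    try:
        rx.inflate(second)
        rejected = False
    except PayloadTooLarge:
        rejected = True
    return ok, len(second), rejected
```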