Monday, February 23, 2015

Dropbear SSH vulnerabilities in stock Arduino Yun. How to update to OpenSSH remotely.

The Arduino Yún ships with Dropbear version 2011.54-2. That release has multiple known vulnerabilities (see the scan output below) and should not be left running. If your Arduino is in a remote location and you want to switch to OpenSSH without losing remote access to the device, follow these steps.

  • Change the Dropbear port to an unused one on your box and restart Dropbear
    uci set dropbear.@dropbear[0].Port=2222
    uci commit dropbear
    /etc/init.d/dropbear restart
  • Reconnect to your Yún via SSH on the port configured above
  • Install the OpenSSH server
    opkg update
    opkg install openssh-server
  • Enable and start the OpenSSH server. OpenSSH will now listen on port 22
    /etc/init.d/sshd enable
    /etc/init.d/sshd start
  • Reconnect to your Yún via SSH on port 22
  • Now you can disable Dropbear
    /etc/init.d/dropbear disable
    /etc/init.d/dropbear stop
  • Install the openssh-sftp-server package for SFTP support, which SSHFS needs
    opkg update
    opkg install openssh-sftp-server
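The steps above as one script, added here as an example (not code from the original post or from the Arduino/OpenWrt projects). It assumes the Yún's OpenWrt side with uci, opkg, busybox netstat and the /etc/init.d scripts named above, and that TMP_PORT is free on the box. The two manual "reconnect" steps become a check that something is actually listening on port 22 before Dropbear is disabled, so a failed opkg install or sshd start never leaves the device without SSH; the version check uses 2013.59, the first release the scan below lists as fixed, as the cut-off.

```shell
#!/bin/sh
# Added example (not from the original post): migrate an Arduino Yún from the
# stock Dropbear to OpenSSH without losing remote access.
# Assumptions: uci, opkg, busybox netstat and /etc/init.d/{dropbear,sshd} exist
# (OpenWrt side of the Yún); TMP_PORT is an unused port.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them.

TMP_PORT="${TMP_PORT:-2222}"
DRY_RUN="${DRY_RUN:-1}"
FIXED_MAJOR=2013   # CVE-2013-4421 / CVE-2013-4434 are fixed in Dropbear 2013.59
FIXED_MINOR=59

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Exit 0 if a Dropbear version string as printed by opkg (e.g. 2011.54-2)
# is older than 2013.59, the first release covering both NVTs in the scan.
dropbear_is_vulnerable() {
    v="${1%%-*}"          # drop the opkg package revision: 2011.54-2 -> 2011.54
    major="${v%%.*}"
    minor="${v#*.}"
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; then
        return 0
    fi
    return 1
}

# Report the installed Dropbear version and whether it is in the affected range.
check_installed_dropbear() {
    ver=$(opkg list-installed 2>/dev/null | awk '$1 == "dropbear" { print $3 }')
    if [ -z "$ver" ]; then echo "dropbear is not installed"; return 1; fi
    if dropbear_is_vulnerable "$ver"; then
        echo "dropbear $ver is older than 2013.59: migrate"
    else
        echo "dropbear $ver is not in the affected range"
    fi
}

# Poll busybox netstat until something listens on TCP port $1, up to $2 seconds.
wait_for_listener() {
    port="$1"; tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        if netstat -tln 2>/dev/null | awk '{ print $4 }' | grep -q ":$port\$"; then
            return 0
        fi
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# The post's steps in order. Dropbear is only disabled once sshd is seen
# listening on 22, so the box is never left without an SSH daemon.
migrate_dropbear_to_openssh() {
    # 1. move Dropbear off port 22 so the two daemons never collide
    run uci set "dropbear.@dropbear[0].Port=$TMP_PORT"
    run uci commit dropbear
    run /etc/init.d/dropbear restart
    # 2. install, enable and start OpenSSH; it takes over port 22
    run opkg update
    run opkg install openssh-server
    run /etc/init.d/sshd enable
    run /etc/init.d/sshd start
    # 3. the manual "reconnect on port 22" step becomes a listener check
    if [ "$DRY_RUN" != "1" ] && ! wait_for_listener 22 30; then
        echo "sshd is not listening on 22; Dropbear left running on $TMP_PORT" >&2
        return 1
    fi
    # 4. retire Dropbear and add SFTP support (needed by SSHFS)
    run /etc/init.d/dropbear disable
    run /etc/init.d/dropbear stop
    run opkg install openssh-sftp-server
}

case "${1:-}" in
    check)   check_installed_dropbear ;;
    migrate) migrate_dropbear_to_openssh ;;
esac
```

Run `sh yun-ssh.sh check` first to see the installed version, then `sh yun-ssh.sh migrate` to preview the commands and `DRY_RUN=0 sh yun-ssh.sh migrate` to apply them. If you want to confirm an interactive login on port 22 yourself before Dropbear goes away, stop after stage 2 and run the last two service commands by hand, as the post describes.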
Log into the Yún's web interface. Go to Configure > Advanced Configuration > System > Software, and under Installed Packages remove Dropbear.


22/tcp
High (CVSS: 7.1)
NVT: Dropbear SSH Server Use-after-free Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105113)
Summary
This host is installed with Dropbear SSH Server and is prone to a use-after-free vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
This flaw allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to channels concurrency.
Solution
Updates are available.
Affected Software/OS
Versions of Dropbear SSH Server 0.52 through 2011.54 are vulnerable.
Vulnerability Insight
A use-after-free vulnerability exists in Dropbear SSH Server 0.52 through 2011.54 when command restriction and public key authentication are enabled.
Vulnerability Detection Method
Check the version.
Details: Dropbear SSH Server Use-after-free Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105113)
Version used: $Revision: 809 $
References
CVE: CVE-2012-0920
BID: 52159
Other: http://www.securityfocus.com/bid/52159
https://matt.ucc.asn.au/dropbear/dropbear.html
22/tcp
Medium (CVSS: 5.0)
NVT: Dropbear SSH Server Multiple Security Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.105114)
Summary
This host is installed with Dropbear SSH Server and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
The flaws allow remote attackers to cause a denial of service or to discover valid usernames.
Solution
Updates are available.
Affected Software/OS
Versions prior to Dropbear SSH Server 2013.59 are vulnerable.
Vulnerability Insight
Multiple flaws are due to:
- The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
- Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists.
Vulnerability Detection Method
Check the version.
Details: Dropbear SSH Server Multiple Security Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.105114)
Version used: $Revision: 809 $
References
CVE: CVE-2013-4421, CVE-2013-4434
BID: 62958, 62993
CERT: DFN-CERT-2013-1865 , DFN-CERT-2013-1772
Other: http://www.securityfocus.com/bid/62958
http://www.securityfocus.com/bid/62993
https://matt.ucc.asn.au/dropbear/dropbear.html
Source
