CVE-2013-4434
CVE-2013-4434, security advisory, novell, suse linux, suse, security, cve

CVE-2013-4434

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4434 at MITRE

Description

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 845306 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • dropbear >= 2013.60-7.4.1
  • dropbear-debuginfo >= 2013.60-7.4.1
  • dropbear-debugsource >= 2013.60-7.4.1
Patchnames:
openSUSE-2013-811
openSUSE 13.1
  • dropbear >= 2013.60-2.4.1
  • dropbear-debuginfo >= 2013.60-2.4.1
  • dropbear-debugsource >= 2013.60-2.4.1
Patchnames:
openSUSE-2013-839