CVE-2006-1206
First published: Tue Mar 14 2006(Updated: )
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dropbear SSH | <=0.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-1206?
The severity of CVE-2006-1206 is considered to be high due to its potential for causing a denial of service.
How do I fix CVE-2006-1206?
To fix CVE-2006-1206, update Dropbear SSH to version 0.48 or later which resolves the connection slot exhaustion issue.
What does CVE-2006-1206 affect?
CVE-2006-1206 affects Dropbear SSH server versions 0.47 and earlier, primarily used in embedded Linux devices.
What kind of attack does CVE-2006-1206 enable?
CVE-2006-1206 enables remote attackers to perform a denial of service attack through connection slot exhaustion.
Which configurations are liable to CVE-2006-1206?
Configurations using the MAX_UNAUTH_CLIENTS setting without proper limits are particularly vulnerable to CVE-2006-1206.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/dropbear ssh project
- canonical/dropbear ssh
- version/dropbear ssh/0.47