UBUNTU-CVE-2021-36369

Source
https://ubuntu.com/security/CVE-2021-36369
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-36369.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-36369
Related
Published
2022-10-12T21:15:00Z
Modified
2025-01-13T10:22:34Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dropbear

Package

Name
dropbear
Purl
pkg:deb/ubuntu/dropbear@2016.72-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2014.*

2014.65-1ubuntu2

2015.*

2015.68-1
2015.70-1
2015.71-1

2016.*

2016.72-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / dropbear

Package

Name
dropbear
Purl
pkg:deb/ubuntu/dropbear@2017.75-3build1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2017.*

2017.75-2
2017.75-3build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / dropbear

Package

Name
dropbear
Purl
pkg:deb/ubuntu/dropbear@2019.78-2build1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2019.*

2019.78-2build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / dropbear

Package

Name
dropbear
Purl
pkg:deb/ubuntu/dropbear@2020.81-5?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2020.*

2020.81-3
2020.81-4
2020.81-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}