We have multiple clients that have stringent audit requirements. We perform Nessus scans across all networks, including the management networks of our two new Vtrak E5800 units and ancient Vtrak E610f system. Until recently we were able to mitigate many of the security violations by shutting down the webserver and running just e-mail and SSH services. Now we may need to shut down the SSH services to comply.
All three systems have the latest firmware installed for each system, they are now failing the following...
Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
The SSH service running on the remote host is affected by multiple vulnerabilities.
According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities :
- A format string flaw exists due to improper handling of string format specifiers (e.g., %s and %x) in usernames and host arguments. An unauthenticated, remote attacker can exploit this to execute arbitrary code with root privileges. (CVE-2016-7406)
- A flaw exists in dropbearconvert due to improper handling of specially crafted OpenSSH key files. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-7407)
- A flaw exists in dbclient when handling the -m or -c arguments in scripts. An unauthenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary code. (CVE-2016-7408)
- A flaw exists in dbclient or dropbear server if they are compiled with the DEBUG_TRACE option and then run using the -v switch. A local attacker can exploit this to disclose process memory. (CVE-2016-7409)
Upgrade to Dropbear SSH version 2016.74 or later.
The Nessus scan also calls out an out-of-date PHP version but this can be circumvented by shutting down the webpage services. Shutting down the SSH connection is not desirable, is it possible to upgrade the SSH server on these units to something newer?