Dell Remote Access Card (DRAC) SSH denial of service
| drac-ssh-dos (35998) |  Low Risk |
Description:
Dell Remote Access Cards (DRAC) are vulnerable to a denial of service, caused by an error in the SSH service. A remote attacker could exploit this vulnerability to cause the service to crash.
Platforms Affected:
- Dell, Remote Access Card 4.1.50.02.16
- Novell, SUSE Linux Enterprise Server 10
Remedy:
Upgrade to the latest firmware version (1.60 Build 10.04 or later), available from the Dell Web site. See References.
Consequences:
Denial of Service
References:
- Dell Web site, Find a Notebook, Desktop, Server, Printer, Software, Service, Monitor or TV at Dell. at http://www.dell.com/.
- ASA-2007-302: MS07-041 Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
- BID-25291: Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability
- CVE-2007-4360: Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an nmap -O scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.
- FrSIRT/ADV-2007-2908: Dell Remote Access Card SSH Service Remote Denial of Service Vulnerability
- SA26428: Dell Remote Access Card SSH Denial of Service Vulnerability
Reported:
Aug 13, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net