For the server, this can result in a massive flooding of traffic due to automated attempts to log on to a host. The workarounds for this issue are either to disable the forwarding of agent connections or to upgrade to an SSH server that supports RFC-compliant authentication methods.

This issue was addressed in Dropbear through 2020.81 by disabling SSH agent forwarding.

CVE-2022-36371

This issue was addressed in Dropbear through 2020.82 by upgrading to a newer version of the SSH protocol.

CVE-2022-36370

For the server, this can result in a massive flooding of traffic due to automated attempts to log on to a host. The workarounds for this issue are either to disable the forwarding of agent connections or to upgrade to an SSH server that supports RFC-compliant authentication methods.

This issue was addressed in Dropbear through 2020.81 by disabling SSH agent forwarding.

Timeline

Published on: 10/12/2022 21:15:00 UTC
Last modified on: 11/14/2022 15:15:00 UTC

References