Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability

Bugtraq ID:	25291
Class:	Unknown
CVE:	CVE-2007-4360
Remote:	Yes
Local:	No
Published:	Aug 13 2007 12:00AM
Updated:	Jan 18 2008 03:18PM
Credit:	ETES GmbH <http://www.etes.de> is credited with the discovery of this issue.
Vulnerable:	Dell Remote Access Card 4/P 1.50 (build 02.16)
Not Vulnerable:	Dell Remote Access Card 4/P 1.60 (Build 10.04)

Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability

Dell Remote Access Card running Monaca SSH is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to deny legitimate access to port 22 on affected computers.

Dell Remote Access Card 4/P running firmware 1.50 (Build 02.16) is vulnerable; other versions may also be affected.

Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability

Attackers can exploit this issue by initiating port scans with readily available network utilities.

Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability

Solution:
The vendor has released firmware version 1.60 (Build 10.04) for DRAC4 to address this issue. Please contact the vendor for information on obtaining and installing the updates.

Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability

References:

• DELL(TM) REMOTE ACCESS CONTROLLER (DRAC) 4 Readme (Dell)
  
• Vendor Homepage (Dell)
  
• [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH (Robert Scheck )
  
• Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) (Robert Scheck)