Matt Johnston

**Name of the Vulnerable Software and Affected Versions** Matt Johnston Dropbear SSH server versions 0.47 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically connection slot exhaustion, by making a large number of connection attempts that exceeds the defined value of 30. **Recommendations** For Matt Johnston Dropbear SSH server versions 0.47 and earlier, consider increasing the MAX UNAUTH CLIENTS value to a higher number to prevent connection slot exhaustion, or apply configuration changes to limit the number of concurrent connection attempts.

**Name of the Vulnerable Software and Affected Versions** Dropbear versions prior to 0.47 **Description** The issue is related to a buffer overflow in the Dropbear server, allowing authenticated users to execute arbitrary code via unspecified inputs due to an incorrect expression that does not enforce the proper order of operations. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely by an attacker who has passed the authentication procedure. **Recommendations** For versions prior to 0.47, update to version 0.47 or later to resolve the issue. As a temporary workaround, consider restricting access to the Dropbear server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.3.4 through 10.5 **Description** The issue is related to the improper clearing of memory for certain passwords, including login, Keychain, and FileVault passwords. This could allow an attacker with physical access or the root user to obtain sensitive information by reading memory. **Recommendations** For Apple Mac OS X versions 10.3.4 through 10.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.