CVE-2012-0920 - Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction a

CVE-2012-0920

Summary

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

References

Vulnerable Configurations

cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 30-10-2018 - 16:28)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:S/C:C/I:C/A:C

refmap via4

bid	52159
confirm	http://matt.ucc.asn.au/dropbear/CHANGES https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
debian	DSA-2456
misc	https://www.mantor.org/~northox/misc/CVE-2012-0920.html
osvdb	79590
secunia	48147 48929
xf	dropbear-code-execution(73444)

Last major update

30-10-2018 - 16:28

Published

05-06-2012 - 22:55

Last modified

30-10-2018 - 16:28