CVE-2012-0920

Severity

71%

Complexity

39%

Confidentiality

165%

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C).

Overview

Type

Debian

First reported 12 years ago

2012-06-05 22:55:00

Last updated 6 years ago

2018-10-30 16:28:00

Affected Software

Debian GNU/Linux 6.0

6.0

Debian Linux 7.0

7.0

References

http://matt.ucc.asn.au/dropbear/CHANGES

Vendor Advisory

48147

Third Party Advisory

48929

Third Party Advisory

DSA-2456

Third Party Advisory

79590

Broken Link

52159

Third Party Advisory, VDB Entry

dropbear-code-execution(73444)

Third Party Advisory, VDB Entry

https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

Vendor Advisory

https://www.mantor.org/~northox/misc/CVE-2012-0920.html

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.