Vulnerability Description
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropbear Ssh Project | Dropbear Ssh | >= 0.52, <= 2012.54 |
| Debian | Debian Linux | 6.0 |
Related Weaknesses (CWE)
References
- http://matt.ucc.asn.au/dropbear/CHANGES (Vendor Advisory)
- http://secunia.com/advisories/48147 (Third Party Advisory)
- http://secunia.com/advisories/48929 (Third Party Advisory)
- http://www.debian.org/security/2012/dsa-2456 (Third Party Advisory)
- http://www.osvdb.org/79590 (Broken Link)
- http://www.securityfocus.com/bid/52159 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73444 (Third Party Advisory, VDB Entry)
- https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 (Vendor Advisory)
- https://www.mantor.org/~northox/misc/CVE-2012-0920.html (Third Party Advisory)
FAQ
What is CVE-2012-0920?
CVE-2012-0920 is a vulnerability with a CVSS score of 7.1 (HIGH). Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary cod...
How severe is CVE-2012-0920?
CVE-2012-0920 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2012-0920?
Check the references section above for vendor advisories and patch information, in particular the Dropbear CHANGES file, the upstream Mercurial revision and the Debian advisory DSA-2456. Affected products include Dropbear Ssh (Dropbear Ssh Project) and Debian Linux (Debian).