CVE-2012-0920

Published: 05/06/2012 Updated: 30/10/2018
CVSS v2 Base Score: 7.1 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 632
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in Dropbear SSH Server 0.52 up to and including 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Vulnerable Product

dropbear ssh project dropbear ssh

debian debian linux 6.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #661150 dropbear: CVE-2012-0920 SSH server use-after-free vulnerability. Package: src:dropbear; Maintainer for src:dropbear is Guilhem Moulin <guilhem@debian.org>; Reported by: Nico Golde <nion@debian.org>; Date: Fri, 24 Feb 2012 14:57:02 UTC; Severity: grave; Tags: patch, security; Found in ver ...

Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place. For the stable distribution (squeeze), this problem has been fixed in version 05 ...