CVE-2012-0920

high

Description

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

References

http://matt.ucc.asn.au/dropbear/CHANGES

http://secunia.com/advisories/48147

http://secunia.com/advisories/48929

http://www.debian.org/security/2012/dsa-2456

http://www.osvdb.org/79590

http://www.securityfocus.com/bid/52159

https://exchange.xforce.ibmcloud.com/vulnerabilities/73444

https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

https://www.mantor.org/~northox/misc/CVE-2012-0920.html

Details

Source: MITRE

Published: 2012-06-05

Updated: 2018-10-30

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH