CVE-2012-0920

critical

Description

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

References

https://www.mantor.org/~northox/misc/CVE-2012-0920.html

https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

https://exchange.xforce.ibmcloud.com/vulnerabilities/73444

http://www.securityfocus.com/bid/52159

http://www.debian.org/security/2012/dsa-2456

http://secunia.com/advisories/48929

http://secunia.com/advisories/48147

http://matt.ucc.asn.au/dropbear/CHANGES

Details

Source: Mitre, NVD

Published: 2012-06-05

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical