[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0920Date: (C)2012-06-05   (M)2023-12-22


Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-48147
SECUNIA-48929
BID-52159
OSVDB-79590
DSA-2456
dropbear-code-execution(73444)
http://matt.ucc.asn.au/dropbear/CHANGES
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
https://www.mantor.org/~northox/misc/CVE-2012-0920.html

CPE    2
cpe:/o:debian:debian_linux:6.0
cpe:/o:debian:debian_linux:7.0
CWE    1
CWE-399
OVAL    2
oval:org.secpod.oval:def:104013
oval:org.secpod.oval:def:600785

© SecPod Technologies