CVE-2012-0920
Published 2012-06-05
CVE-2012-0920: Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote…
Priority P340 · high · CVSS 2.0: 7.1
AV:N/AC:H/Au:S/C:C/I:C/A:C
EPSS: 6.49% (92.9th percentile)
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | dropbear | < dropbear 2012.55-1 (bookworm) | dropbear 2012.55-1 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | 0.52 – 2012.54 | — |
CVSS provenance
nvd · v2.0 · 7.1 · HIGH · AV:N/AC:H/Au:S/C:C/I:C/A:C
osv · 7.1 · HIGH
vendor_debian · 7.1 · LOW
Debian
CVE-2012-0920: dropbear - Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when c...
vendor_debian·2012·CVSS 7.1
Scope: local
bookworm: resolved (fixed in 2012.55-1)
bullseye: resolved (fixed in 2012.55-1)
forky: resolved (fixed in 2012.55-1)
sid: resolved (fixed in 2012.55-1)
trixie: resolved (fixed in 2012.55-1)
GHSA
GHSA-hw56-hwpj-4432: Use-after-free vulnerability in Dropbear SSH Server 0
ghsa_unreviewed·2022-05-14
OSV
CVE-2012-0920: Use-after-free vulnerability in Dropbear SSH Server 0
osv·2012-06-05·CVSS 7.1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-0920 dropbear: use-after-free vulnerability
bugzilla·2012-03-06·CVSS 7.1
It was reported [1] that the Dropbear SSH server suffered from a use-after-free flaw in how the server managed channels concurrency. A specially-crafted request could trigger a use-after-free condition which could then be used to potentially execute arbitrary code with root privileges, provided that the user has been authenticated using a public key and also that a command restriction is enforced (the "command" option must be used in the authorized_keys file).
This has been corrected upstream in version 2012.55 [2] and is reported to affect versions 0.52 through 2011.54.
[1] http://archives.neohapsis.com/archives/fulldisclosure/2012-02/0404.html
[2] https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
Discussion:
Tracking bugs wer
Bugzilla
CVE-2012-0920 dropbear: use-after-free vulnerability [epel-6]
bugzilla·2012-03-06·CVSS 7.1
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=800655
Bugzilla
CVE-2012-0920 dropbear: use-after-free vulnerability [fedora-all]
bugzilla·2012-03-06·CVSS 7.1
http://matt.ucc.asn.au/dropbear/CHANGES
http://secunia.com/advisories/48147
http://secunia.com/advisories/48929
http://www.debian.org/security/2012/dsa-2456
http://www.osvdb.org/79590
http://www.securityfocus.com/bid/52159
https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
https://www.mantor.org/~northox/misc/CVE-2012-0920.html
Published: 2012-06-05