CVE-2012-0920

Published Jun 5, 2012

Last updated 6 years ago

Overview

Description: Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 10
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-399

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ECC61ED-602A-48B8-BB35-B21D2EB1009F",
            "versionEndIncluding": "2012.54",
            "versionStartIncluding": "0.52"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References