Vulnerability Details : CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2012-0920
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- Dropbear Ssh Project » Dropbear Ssh, versions >= 0.52 and <= 2012.54: cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0920
- 4.10%: Probability of exploitation activity in the next 30 days
- ~ 92%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0920
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2012-0920
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0920
- http://matt.ucc.asn.au/dropbear/CHANGES
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
  Dropbear SSH Server code execution CVE-2012-0920 Vulnerability Report. Third Party Advisory; VDB Entry
- http://www.debian.org/security/2012/dsa-2456
  Debian -- Security Information -- DSA-2456-1 dropbear. Third Party Advisory
- http://www.securityfocus.com/bid/52159
  Dropbear SSH Server Use After Free Remote Code Execution Vulnerability. Third Party Advisory; VDB Entry
- https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
  dropbear: 818108bf7749. Vendor Advisory
- https://www.mantor.org/~northox/misc/CVE-2012-0920.html
  CVE-2012-0920 - Dropbear SSH server use-after-free vulnerability. Third Party Advisory