Vulnerability Name:

CVE-2012-0920 (CCN-73444)

Assigned:2012-02-24
Published:2012-02-24
Updated:2018-10-30
Summary:Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
CVSS v3 Severity:8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
8.5 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-0920

Source: CONFIRM
Type: Vendor Advisory
http://matt.ucc.asn.au/dropbear/CHANGES

Source: CCN
Type: SA48147
Dropbear SSH Server Use-After-Free Vulnerability

Source: SECUNIA
Type: Third Party Advisory
48147

Source: SECUNIA
Type: Third Party Advisory
48929

Source: DEBIAN
Type: Third Party Advisory
DSA-2456

Source: DEBIAN
Type: DSA-2456
dropbear -- use after free

Source: CCN
Type: Oracle CPUApr2017
Oracle Critical Patch Update Advisory - April 2017

Source: OSVDB
Type: Broken Link
79590

Source: CCN
Type: OSVDB ID: 79590
Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution

Source: BID
Type: Third Party Advisory, VDB Entry
52159

Source: CCN
Type: BID-52159
Dropbear SSH Server Use After Free Remote Code Execution Vulnerability

Source: XF
Type: Third Party Advisory, VDB Entry
dropbear-code-execution(73444)

Source: XF
Type: UNKNOWN
dropbear-code-execution(73444)

Source: CCN
Type: Dropbear Web page
changeset 654:818108bf7749

Source: CONFIRM
Type: Vendor Advisory
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

Source: MISC
Type: Third Party Advisory
https://www.mantor.org/~northox/misc/CVE-2012-0920.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:* (Version >= 0.52 and <= 2012.54)

Configuration 2:
  • cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:18111 | P | DSA-2456-1 dropbear - use after free | 2014-06-23
oval:com.ubuntu.precise:def:20120920000 | V | CVE-2012-0920 on Ubuntu 12.04 LTS (precise) - medium. | 2012-06-05
    dropbear_ssh_project dropbear ssh *
    debian debian linux 6.0
    debian debian linux 7.0
    matt_johnston dropbear ssh server 0.52
    matt_johnston dropbear ssh server 2011.54