CVE-2012-0920
Severity Score
7.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Una vulnerabilidad de uso después de liberación vulnerabilidad en Dropbear SSH Server v0.52 a 2012.54 cuando la restricción de comandos y la autenticación de clave pública están habilitadas, lo permite a ejecutar código de su elección y eludir restricciones de comandos a usuarios remotos autenticados a través de múltiples peticiones hechas a mano, relacionados con la "concurrencia de canales."
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-01-26 CVE Reserved
- 2012-02-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/48147 | Third Party Advisory | |
| http://secunia.com/advisories/48929 | Third Party Advisory | |
| http://www.osvdb.org/79590 | Broken Link | |
| http://www.securityfocus.com/bid/52159 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73444 | Third Party Advisory | |
| https://www.mantor.org/~northox/misc/CVE-2012-0920.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://matt.ucc.asn.au/dropbear/CHANGES | 2018-10-30 | |
| http://www.debian.org/security/2012/dsa-2456 | 2018-10-30 | |
| https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dropbear Ssh Project Search vendor "Dropbear Ssh Project" | Dropbear Ssh Search vendor "Dropbear Ssh Project" for product "Dropbear Ssh" | >= 0.52 <= 2012.54 Search vendor "Dropbear Ssh Project" for product "Dropbear Ssh" and version " >= 0.52 <= 2012.54" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||