Dropbear SSH Server Use-after-free Vulnerability Network Vulnerability

Summary

This host is installed with Dropbear SSH Server and is prone to a use-after-free vulnerability.

Impact

This flaw allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to channels concurrency.

Solution

Updates are available.

Insight

A use-after-free vulnerability exists in Dropbear SSH Server 0.52 through 2011.54 when command restriction and public key authentication are enabled.

Affected

Versions of Dropbear SSH Server 0.52 through 2011.54 are vulnerable.

Detection

Check the version.

References

http://www.securityfocus.com/bid/52159
https://matt.ucc.asn.au/dropbear/dropbear.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0920

CVSS	Base Score: 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)

Take action and discover your vulnerabilities