Bugtraq mailing list archives

By Date By Thread Dropbear SSH server use-after-free vulnerability From: Danny Fullerton <northox () mantor org>

Date: Fri, 24 Feb 2012 07:53:15 -0500

Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitrary code on the target system. Class: Use After Free - CWE-416 CVE ID: CVE-2012-0920 CVSS: 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C) Description: This vulnerability is located within the Dropbear daemon and occurs due to the way the server manages channels concurrency. A specially crafted request can trigger a `use after free` condition which can be used to execute arbitrary code under root privileges provided the user has been authenticated using a public key (authorized_keys file) and a command restriction is enforced (command option). Solution: Upgrade to version 2012.55 or higher. Reference: https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 Disclosure Timeline: 2012-01-24 - Vulnerability reported to vendor. 2012-02-24 - Coordinated public release of advisory. Credit: This vulnerability was discovered by Danny Fullerton from Mantor Organization. Special thanks to Matt. By Date By Thread Current thread: Dropbear SSH server use-after-free vulnerability Danny Fullerton (Feb 24)