7.1

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dropbear Ssh ProjectDropbear Ssh Version >= 0.52 <= 2012.54
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.49% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 3.9 10
AV:N/AC:H/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://matt.ucc.asn.au/dropbear/CHANGES
Vendor Advisory
http://secunia.com/advisories/48147
Third Party Advisory
http://secunia.com/advisories/48929
Third Party Advisory
http://www.debian.org/security/2012/dsa-2456
Third Party Advisory
http://www.osvdb.org/79590
Broken Link
http://www.securityfocus.com/bid/52159
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
Third Party Advisory
VDB Entry
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
Vendor Advisory
https://www.mantor.org/~northox/misc/CVE-2012-0920.html
Third Party Advisory