Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitrary code on the target system. Class: Use After Free - CWE-416 CVE ID: CVE-2012-0920 CVSS: 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C) Description: This vulnerability is located within the Dropbear daemon and occurs due to the way the server manages channels concurrency. A specially crafted request can trigger a `use after free` condition which can be used to execute arbitrary code under root privileges provided the user has been authenticated using a public key (authorized_keys file) and a command restriction is enforced (command option). Solution: Upgrade to version 2012.55 or higher. Reference: https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 Disclosure Timeline: 2012-01-24 - Vulnerability reported to vendor. 2012-02-24 - Coordinated public release of advisory. Credit: This vulnerability was discovered by Danny Fullerton from Mantor Organization. Special thanks to Matt.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/