Executive Summary

Informations
Name CVE-2012-0920 First vendor Publication 2012-06-05
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 3.9 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0920

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18111
 
Oval ID: oval:org.mitre.oval:def:18111
Title: DSA-2456-1 dropbear - use after free
Description: Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place.
Family: unix Class: patch
Reference(s): DSA-2456-1
CVE-2012-0920
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): dropbear
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 2

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2456-1 (dropbear - use after free)
File : nvt/deb_2456_1.nasl
2012-07-30 Name : Fedora Update for dropbear FEDORA-2012-10934
File : nvt/gb_fedora_2012_10934_dropbear_fc16.nasl
2012-03-12 Name : FreeBSD Ports: dropbear
File : nvt/freebsd_dropbear.nasl

Nessus® Vulnerability Scanner

Date Description
2013-09-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-20.nasl - Type : ACT_GATHER_INFO
2012-07-30 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10934.nasl - Type : ACT_GATHER_INFO
2012-04-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2456.nasl - Type : ACT_GATHER_INFO
2012-03-05 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_eba70db4664011e198af00262d8b701d.nasl - Type : ACT_GATHER_INFO
2012-03-01 Name : The remote host is affected by a remote code execution vulnerability.
File : dropbear_ssh_55.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://matt.ucc.asn.au/dropbear/CHANGES
http://secunia.com/advisories/48147
http://secunia.com/advisories/48929
http://www.debian.org/security/2012/dsa-2456
http://www.osvdb.org/79590
http://www.securityfocus.com/bid/52159
https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
https://www.mantor.org/~northox/misc/CVE-2012-0920.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Date Informations
2024-11-28 23:01:44
  • Multiple Updates
2024-11-28 12:29:01
  • Multiple Updates
2021-05-04 12:19:21
  • Multiple Updates
2021-04-22 01:23:04
  • Multiple Updates
2020-05-23 01:48:14
  • Multiple Updates
2020-05-23 00:33:02
  • Multiple Updates
2018-11-30 12:04:33
  • Multiple Updates
2018-10-31 00:20:17
  • Multiple Updates
2018-09-20 17:19:16
  • Multiple Updates
2017-08-29 09:23:43
  • Multiple Updates
2016-06-28 19:02:00
  • Multiple Updates
2016-04-26 21:34:27
  • Multiple Updates
2014-02-17 11:08:30
  • Multiple Updates
2013-09-20 17:21:12
  • Multiple Updates
2013-05-10 22:34:15
  • Multiple Updates