exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Dropbear SSH Server Use-After-Free

Dropbear SSH Server Use-After-Free
Posted Feb 24, 2012
Authored by Danny Fullerton

The Dropbear SSH server suffers from a use-after-free vulnerability that allows for arbitrary code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2012-0920
SHA-256 | 64265ec1c523533339855204fdc6f2a60efec7010b11b476bb2709c5aaf7b16e

Dropbear SSH Server Use-After-Free

Change Mirror Download
Dropbear SSH server use-after-free vulnerability

Impact: A remote authenticated user can execute arbitrary code on the
target system.
Class: Use After Free - CWE-416
CVE ID: CVE-2012-0920
CVSS: 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)

Description:
This vulnerability is located within the Dropbear daemon and occurs due
to the way the server manages channels concurrency. A specially crafted
request can trigger a `use after free` condition which can be used to
execute arbitrary code under root privileges provided the user has been
authenticated using a public key (authorized_keys file) and a command
restriction is enforced (command option).

Solution: Upgrade to version 2012.55 or higher.

Reference: https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

Disclosure Timeline:
2012-01-24 - Vulnerability reported to vendor.
2012-02-24 - Coordinated public release of advisory.

Credit:
This vulnerability was discovered by Danny Fullerton from Mantor
Organization.
Special thanks to Matt.
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close