Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Dropbear SSH server use-after-free vulnerability
From: Danny Fullerton <northox () mantor org>
Date: Fri, 24 Feb 2012 08:41:57 -0500

Dropbear SSH server use-after-free vulnerability

Impact: A remote authenticated user can execute arbitrary code on the
target system.
Class: Use After Free - CWE-416
CVE ID: CVE-2012-0920
CVSS: 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)

This vulnerability is located within the Dropbear daemon and occurs due
to the way the server manages channels concurrency. A specially crafted
request can trigger a `use after free` condition which can be used to
execute arbitrary code under root privileges provided the user has been
authenticated using a public key (authorized_keys file) and a command
restriction is enforced (command option).

Solution: Upgrade to version 2012.55 or higher.

Reference: https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

Disclosure Timeline:
2012-01-24 - Vulnerability reported to vendor.
2012-02-24 - Coordinated public release of advisory.

This vulnerability was discovered by Danny Fullerton from Mantor
Special thanks to Matt.

Attachment: signature.asc
Description: OpenPGP digital signature

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Dropbear SSH server use-after-free vulnerability Danny Fullerton (Feb 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]