Bug 800655 (CVE-2012-0920) - CVE-2012-0920 dropbear: use-after-free vulnerability
Summary: CVE-2012-0920 dropbear: use-after-free vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-0920
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 800656 800657
Blocks:
Reported: 2012-03-06 21:20 UTC by Vincent Danen
Modified: 2019-09-29 12:50 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-03 17:27:22 UTC
Embargoed:


Description Vincent Danen 2012-03-06 21:20:32 UTC
It was reported [1] that the Dropbear SSH server suffered from a use-after-free flaw in how the server managed channels concurrency.  A specially-crafted request could trigger a use-after-free condition which could then be used to potentially execute arbitrary code with root privileges, provided that the user has been authenticated using a public key and also that a command restriction is enforced (the "command" option must be used in the authorized_keys file).

This has been corrected upstream in version 2012.55 [2] and is reported to affect versions 0.52 through 2011.54.

[1] http://archives.neohapsis.com/archives/fulldisclosure/2012-02/0404.html
[2] https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
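
The precondition named in the description (public-key login combined with a "command" option in authorized_keys) can be audited per account. The Python below is an added example, not part of the original report or of Dropbear; the function names split_options and forced_command_keys and the sample key lines are constructed for illustration.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def split_options(line):
    """Split an entry into (options, rest); options end at unquoted whitespace."""
    if line.startswith(KEY_TYPES):      # no options field present
        return [], line
    opts, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and line[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '\\"', i + 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:          # option separator
            opts.append(cur)
            cur, i = "", i + 1
            continue
        elif ch in " \t" and not in_quote:        # end of the options field
            break
        cur, i = cur + ch, i + 1
    opts.append(cur)
    return opts, line[i:].strip()

def forced_command_keys(text):
    """Return [(line_no, command, key_comment)] for entries using command=."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        for opt in opts:
            name, _, value = opt.partition("=")
            if name.lower() != "command":
                continue
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1].replace('\\"', '"')
            fields = rest.split(None, 2)          # key type, key blob, comment
            hits.append((n, value, fields[2] if len(fields) > 2 else ""))
    return hits

# Constructed sample file (placeholder key material, not real keys).
SAMPLE = '''# constructed sample
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== alice@example
command="/usr/bin/rsync --server .",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== backup@example
no-port-forwarding,command="echo \\"a, b\\"" ssh-dss AAAAB3NzaC1kc3MAAACBAA== ci job
'''
print(forced_command_keys(SAMPLE))
```

Accounts listed by this check are the ones to prioritise when confirming that the installed dropbear package carries the upstream fix.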

Comment 1 Vincent Danen 2012-03-06 21:36:39 UTC
Tracking bugs were filed for:

Fedora-all: bug #800656
EPEL-6: bug #800657

Comment 2 Vincent Danen 2012-08-03 17:27:22 UTC
dropbear-0.55-1 has been pushed to all supported versions of Fedora and EPEL:

http://koji.fedoraproject.org/koji/packageinfo?packageID=5596
