From: Danny Fullerton (northoxmantor.org)
Date: Fri Feb 24 2012 - 07:41:57 CST
Dropbear SSH server use-after-free vulnerability
Impact: A remote authenticated user can execute arbitrary code on the
Class: Use After Free - CWE-416
CVE ID: CVE-2012-0920
CVSS: 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)
This vulnerability is located within the Dropbear daemon and occurs due
to the way the server manages channel concurrency. A specially crafted
request can trigger a use-after-free condition, which can be used to
execute arbitrary code with root privileges, provided the user has been
authenticated using a public key (authorized_keys file) and a command
restriction is enforced (command option).
Solution: Upgrade to version 2012.55 or higher.
2012-01-24 - Vulnerability reported to vendor.
2012-02-24 - Coordinated public release of advisory.
This vulnerability was discovered by Danny Fullerton from Mantor
Special thanks to Matt.
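
A defender-side check for the preconditions described above, added here as an example that is not part of the original advisory or of Dropbear's code: it finds authorized_keys entries carrying a command option (handling quoted command strings) and compares an SSH banner version against the fixed release 2012.55. The banner format `SSH-2.0-dropbear_<version>`, the function names and the sample keys are assumptions; a vendor-patched build that keeps an older version string will still be flagged.

```python
import re

FIXED = (2012, 55)  # fixed release named in the advisory's Solution line
KEY_TYPES = ("ssh-", "ecdsa-")  # prefixes that start a key line with no options

def dropbear_version(banner):
    """Return (major, minor) from a banner such as 'SSH-2.0-dropbear_2012.54' (assumed format)."""
    m = re.search(r"dropbear_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def split_unquoted(s, seps):
    """Split s on separators outside double quotes; a backslash-escaped quote does not close them."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(s):
        c = s[i]
        if quoted and c == "\\" and s[i + 1:i + 2] == '"':
            cur += '\\"'
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if c in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += c
        i += 1
    return parts + [cur]

def restricted_key_lines(text):
    """Line numbers of authorized_keys entries that carry a command= option."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = [f for f in split_unquoted(line.strip(), " \t") if f]
        if not fields or fields[0].startswith("#") or fields[0].startswith(KEY_TYPES):
            continue  # blank line, comment, or key without an options field
        if any(o.lower().startswith("command=") for o in split_unquoted(fields[0], ",")):
            hits.append(n)
    return hits

def needs_upgrade(banner, authorized_keys_text):
    """True when a pre-2012.55 Dropbear serves at least one command-restricted key."""
    v = dropbear_version(banner)
    return v is not None and v < FIXED and bool(restricted_key_lines(authorized_keys_text))

# Constructed sample input (key material truncated, not real keys).
SAMPLE_KEYS = r'''# constructed authorized_keys
ssh-rsa AAAAB3NzaC1yc2E...1 admin@example
command="/usr/bin/backup --mode \"full, daily\"",no-pty ssh-rsa AAAAB3NzaC1yc2E...2 backup@example
no-port-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3M...3 tunnel@example
'''
```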