| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F4793A5.5010405@mantor.org>
Date: Fri, 24 Feb 2012 08:41:57 -0500
From: Danny Fullerton <northox@...tor.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Dropbear SSH server use-after-free vulnerability
Dropbear SSH server use-after-free vulnerability
Impact: A remote authenticated user can execute arbitrary code on the
target system.
Class: Use After Free - CWE-416
CVE ID: CVE-2012-0920
CVSS: 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)
Description:
This vulnerability is located within the Dropbear daemon and occurs due
to the way the server manages channels concurrency. A specially crafted
request can trigger a `use after free` condition which can be used to
execute arbitrary code under root privileges provided the user has been
authenticated using a public key (authorized_keys file) and a command
restriction is enforced (command option).
Solution: Upgrade to version 2012.55 or higher.
Reference: https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
Disclosure Timeline:
2012-01-24 - Vulnerability reported to vendor.
2012-02-24 - Coordinated public release of advisory.
Credit:
This vulnerability was discovered by Danny Fullerton from Mantor
Organization.
Special thanks to Matt.
Download attachment "signature.asc" of type "application/pgp-signature" (263 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists