FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dropbear -- arbitrary code execution

Affected packages
0.51 <= dropbear < 2012.55


VuXML ID eba70db4-6640-11e1-98af-00262d8b701d
Discovery 2012-02-22
Entry 2012-03-04

The Dropbear project reports:

Dropbear SSH Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after- free error. If a command restriction is enforced, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.


Bugtraq ID 52159
CVE Name CVE-2012-0920