FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dropbear -- arbitrary code execution

Affected packages
0.51 <= dropbear < 2012.55

Details

VuXML ID eba70db4-6640-11e1-98af-00262d8b701d
Discovery 2012-02-22
Entry 2012-03-04

The Dropbear project reports:

Dropbear SSH Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free error. If a command restriction is enforced, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

References

Bugtraq ID 52159
CVE Name CVE-2012-0920
URL http://secunia.com/advisories/48147
URL http://xforce.iss.net/xforce/xfdb/73444