Launchpad.net

CVE 2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Related bugs and status

CVE-2012-0920 (Candidate) is related to these bugs:

Bug #976360: CVE-2012-0920 needs fixing, server use-after-free

		In	Importance	Status
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Ubuntu)	Undecided	Fix Released
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Debian)	Unknown	Fix Released
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Ubuntu Lucid)	Undecided	Fix Released
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Ubuntu Natty)	Undecided	Fix Released
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Ubuntu Precise)	Undecided	Fix Released
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Ubuntu Oneiric)	Undecided	Fix Released
976360	CVE-2012-0920 needs fixing, server use-after-free	dropbear (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0920

Related bugs and status

Related bugs

References