CVE-2012-0920

Name of the Vulnerable Software and Affected Versions Dropbear SSH Server versions 0.52 through 2012.54

Description The issue allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to channels concurrency. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations For Dropbear SSH Server versions 0.52 through 2012.54, update to version 2012.55 or later to resolve the issue. As a temporary workaround, consider disabling public key authentication and command restriction until a patch is available. Restrict access to the SSH server to minimize the risk of exploitation.