CVE-2017-9079
NONE EPSS 21.4%
Published May 19, 2017
Last Modified Jun 17, 2026
Description
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
Threat Intelligence
EPSS Exploit Probability
21.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-732
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| dropbear_ssh_project | dropbear_ssh | * | <2017.75 |
| debian | debian_linux | 8.0 | any |
References 3
- lists.ucc.gu.uwa.edu.au http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
- debian.org http://www.debian.org/security/2017/dsa-3859
- security.netapp.com https://security.netapp.com/advisory/ntap-20191004-0006/
Remediation
- lists.ucc.gu.uwa.edu.au http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html