CVE-2017-9079

NONE EPSS 21.4%
Published May 19, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.

Threat Intelligence

EPSS Exploit Probability
21.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-732

Affected Products 2

Vendor                 Product        Version   Range
dropbear_ssh_project   dropbear_ssh   *         <2017.75
debian                 debian_linux   8.0       any

References 3

  • lists.ucc.gu.uwa.edu.au http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
    Mailing List, Patch, Third Party Advisory
  • debian.org http://www.debian.org/security/2017/dsa-3859
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20191004-0006/

Remediation

  • lists.ucc.gu.uwa.edu.au http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
    Mailing List, Patch, Third Party Advisory