Description
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | | 2016.74-5 |
 alpine v3.5 | | =0.52-r0 || =0.52-r1 || =0.52-r2 || =0.52-r3 || =0.52-r4 || =0.53.1-r0 || =0.53.1-r1 || =2012.55-r0 || =2013.58-r0 || =2014.63-r0 || =2014.65-r0 || =2014.66-r0 || =2014.66-r1 || =2015.67-r0 || =2015.68-r0 || =2015.68-r1 || =2015.68-r2 || =2015.70-r2 || =2015.71-r0 || =2015.71-r1 || =2016.73-r0 || =2016.74-r0 || =2016.74-r1 || >=0 <2017.75-r0 | 2017.75-r0 |
alpine v3.4 | | =0.52-r0 || =0.52-r1 || =0.52-r2 || =0.52-r3 || =0.52-r4 || =0.53.1-r0 || =0.53.1-r1 || =2012.55-r0 || =2013.58-r0 || =2014.63-r0 || =2014.65-r0 || =2014.66-r0 || =2014.66-r1 || =2015.67-r0 || =2015.68-r0 || =2015.68-r1 || =2015.68-r2 || =2015.70-r2 || =2015.71-r0 || =2015.71-r1 || =2016.73-r0 || =2016.74-r0 || >=0 <2017.75-r0 | 2017.75-r0 |
debian 14 | | | 2016.74-5 |
debian 12 | | | 2016.74-5 |
debian 13 | | | 2016.74-5 |
