Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-9079

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.

Related bugs and status

CVE-2017-9079 (Candidate) is related to these bugs:

Bug #1790722: Dropbear in Xenial is missing security updates

Summary				In	Importance	Status
	1790722	Dropbear in Xenial is missing security updates		dropbear (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://lists.ucc.gu.uw...
DEBIAN: DSA-3859
CONFIRM: https://security.netap...