Описание
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2017.75-3build1 |
| cosmic | not-affected | 2017.75-3build1 |
| devel | not-affected | 2017.75-3build1 |
| disco | not-affected | 2017.75-3build1 |
| eoan | not-affected | 2017.75-3build1 |
| esm-apps/bionic | not-affected | 2017.75-3build1 |
| esm-apps/focal | not-affected | 2017.75-3build1 |
| esm-apps/jammy | not-affected | 2017.75-3build1 |
| esm-apps/noble | not-affected | 2017.75-3build1 |
Показывать по
4.7 Medium
CVSS2
4.7 Medium
CVSS3
Связанные уязвимости
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
Dropbear before 2017.75 might allow local users to read certain files ...
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
Уязвимость модуля /.ssh/authorized_keys пакета программ для организации сеансов связи по протоколу SSH Dropbear, позволяющая нарушителю раскрыть защищаемую информацию
4.7 Medium
CVSS2
4.7 Medium
CVSS3