Dropbear SSH 2025.88 fixes the CVE-2025-47203 security vulnerability
Dropbear SSH 2025.88 fixes CVE-2025-47203: dbclient hostname arguments are no longer interpreted by the shell, which prevents execution of arbitrary commands. 2025-05-09 16:17 Author: seclists.org

oss-sec mailing list archives


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 9 May 2025 09:15:37 -0700

https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html
announces the release of Dropbear SSH 2025.88 including this fix:

- Security: Don't allow dbclient hostname arguments to be interpreted
  by the shell.

  dbclient hostname arguments with a comma (for multihop) would be
  passed to the shell which could result in running arbitrary shell
  commands locally. That could be a security issue in situations
  where dbclient is passed untrusted hostname arguments.

  Now the multihop command is executed directly, no shell is involved.
  Thanks to Marcin Nowak for the report, tracked as CVE-2025-47203.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
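The two patterns the advisory contrasts, as an added illustration that is not Dropbear's code and does not reproduce its multihop command line: an untrusted argument spliced into a command string that /bin/sh parses (the pre-2025.88 behaviour described above), beside the same argument handed directly to execvp() as one argv element (the fix). The child program is /bin/echo, chosen here because it simply reflects its argument, so a caller can check whether the bytes survived unchanged; the helper names and the sample arguments are this example's own.

```c
/* Added example, not part of Dropbear: compare launching a helper through a
 * shell (argument spliced into a command line) with launching it directly
 * via execvp() (argument passed as its own argv entry). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Fork, run argv with stdout redirected into a pipe, copy the child's output
 * into out, and return its exit status (-1 on failure).  No shell is involved
 * here: each argv element reaches the program as one literal argument. */
static int run_capture(char *const argv[], char *out, size_t outlen)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                      /* child */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);                       /* parent */
    size_t used = 0;
    ssize_t n;
    while (used + 1 < outlen &&
           (n = read(fds[0], out + used, outlen - used - 1)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hardened pattern: the untrusted argument is one argv element; nothing
 * parses it, so commas, spaces or other shell syntax are just bytes. */
int echo_direct(const char *arg, char *out, size_t outlen)
{
    char *argv[] = { "/bin/echo", (char *)arg, NULL };
    return run_capture(argv, out, outlen);
}

/* Vulnerable pattern: the argument is formatted into a command line that
 * /bin/sh then parses, so any shell syntax it contains is honoured. */
int echo_via_shell(const char *arg, char *out, size_t outlen)
{
    char cmdline[512];
    snprintf(cmdline, sizeof cmdline, "/bin/echo %s", arg);
    char *argv[] = { "/bin/sh", "-c", cmdline, NULL };
    return run_capture(argv, out, outlen);
}

/* 1 if /bin/echo returned `arg` byte-for-byte (followed by a newline). */
static int preserved(int (*runner)(const char *, char *, size_t),
                     const char *arg)
{
    char out[512];
    if (runner(arg, out, sizeof out) != 0)
        return 0;
    size_t len = strlen(arg);
    return strlen(out) == len + 1 && strncmp(out, arg, len) == 0
        && out[len] == '\n';
}

int direct_preserves(const char *arg) { return preserved(echo_direct, arg); }
int shell_preserves(const char *arg)  { return preserved(echo_via_shell, arg); }

int main(void)
{
    /* Constructed sample arguments: a multihop-style host list and a value
     * containing a double space, which a shell collapses during word
     * splitting but execvp() leaves untouched. */
    const char *samples[] = { "host1,host2", "a  b" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s direct:%d shell:%d\n", samples[i],
               direct_preserves(samples[i]), shell_preserves(samples[i]));
    return 0;
}
```

The double-space sample is deliberately harmless: it shows the shell rewriting the argument during word splitting, which is the same mechanism that lets richer shell syntax in an untrusted hostname do more than split words. The direct path never exposes that mechanism, which is why executing the multihop command without a shell closes the issue rather than filtering characters.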



Source: https://seclists.org/oss-sec/2025/q2/116