Vulnerability Description
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropbear Ssh Project | Dropbear Ssh | < 2017.75 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.htmlMailing ListPatchThird Party Advisory
- http://www.debian.org/security/2017/dsa-3859Third Party Advisory
- https://security.netapp.com/advisory/ntap-20191004-0006/
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.htmlMailing ListPatchThird Party Advisory
- http://www.debian.org/security/2017/dsa-3859Third Party Advisory
- https://security.netapp.com/advisory/ntap-20191004-0006/
FAQ
What is CVE-2017-9079?
CVE-2017-9079 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is rea...
How severe is CVE-2017-9079?
CVE-2017-9079 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9079?
Check the references section above for vendor advisories and patch information. Affected products include: Dropbear Ssh Project Dropbear Ssh, Debian Debian Linux.