[ASA-202505-9] dropbear: arbitrary command execution

推荐订阅源

Docker

爱范儿

The Exploit Database - CXSecurity.com

量子位

Kaspersky official blog

Threat Research - Cisco Blogs

CERT Recently Published Vulnerability Notes

Hacker News: Front Page

Troy Hunt's Blog

Cyber Security Advisories - MS-ISAC

Google DeepMind News

WeLiveSecurity

Arctic Wolf

Apple Machine Learning Research

cs.AI updates on arXiv.org

Proofpoint News Feed

Tor Project blog

The Blog of Author Tim Ferriss

Intezer

Privacy & Cybersecurity Law Blog

美

美团技术团队

Netflix TechBlog - Medium

博

博客园_首页

OSCHINA 社区最新新闻

Vulnerabilities – Threatpost

Application and Cybersecurity Blog

Google Developers Blog

Attack and Defense Labs

月光博客

Microsoft Security Blog

About on SuperTechFans

Last Week in AI

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-5] konsole: arbitrary code execution [ASA-202506-4] go: multiple issues - Arch Linux [ASA-202506-3] samba: access restriction bypass [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-14] bind: denial of service [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-12] go: directory traversal - Arch Linux [ASA-202505-11] freetype2: arbitrary code execution [ASA-202505-10] python-django: denial of service [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service

[ASA-202505-9] dropbear: arbitrary command execution

Arch Linux S · 2025-05-20 · via Arch Linux Security Advisories

ASA-202505-9 log generated external raw

[ASA-202505-9] dropbear: arbitrary command execution
Arch Linux Security Advisory ASA-202505-9 ========================================= Severity: Medium Date : 2025-05-19 CVE-ID : CVE-2025-47203 Package : dropbear Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-2874 Summary ======= The package dropbear before version 2025.88-1 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 2025.88-1. # pacman -Syu "dropbear>=2025.88-1" The problem has been fixed upstream in version 2025.88. Workaround ========== None. Description =========== dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. Impact ====== A remote attacker can craft a malicious hostname to execute arbitrary commands on a system using dbclient if the hostname is passed without proper sanitization. References ========== https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html https://security.archlinux.org/CVE-2025-47203

[ASA-202505-9] dropbear: arbitrary command execution

Arch Linux Security Advisory ASA-202505-9 ========================================= Severity: Medium Date : 2025-05-19 CVE-ID : CVE-2025-47203 Package : dropbear Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-2874 Summary ======= The package dropbear before version 2025.88-1 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 2025.88-1. # pacman -Syu "dropbear>=2025.88-1" The problem has been fixed upstream in version 2025.88. Workaround ========== None. Description =========== dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. Impact ====== A remote attacker can craft a malicious hostname to execute arbitrary commands on a system using dbclient if the hostname is passed without proper sanitization. References ========== https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html https://security.archlinux.org/CVE-2025-47203

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。