oss-sec mailing list archives
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203
From: Albert Veli <albert.veli () gmail com>
Date: Tue, 13 May 2025 12:49:44 +0200
Thanks, this worked. On 2025-05-13 02:47, Matt Johnston wrote:
Although I have a custom CLI as login shell in /etc/passwd, but if I change it to /bin/sh then it works.dbclient 'localhost,|touch 123 '
Thanks. That means I am vulnerable (except for the login shell part that complicates it).2. Both dbclient and ssh are symlinks to the same dropbear binary. Does this CVE apply equally to both, or is it specific to dbclient?It applies to both.
Current thread:
- Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith (May 09)
- Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli (May 12)
- Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston (May 12)
- Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli (May 13)
- Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart (May 13)
- Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston (May 12)
- Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli (May 12)