CVE-2017-9079

medium

Description

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.

References

https://security.netapp.com/advisory/ntap-20191004-0006/

http://www.debian.org/security/2017/dsa-3859

http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html

Details

Source: Mitre, NVD

Published: 2017-05-19

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium