Dropbear -- two vulnerabilities
Matt Johnston reports:
Fix double-free in server TCP listener cleanup A double-free in
the server could be triggered by an authenticated user if dropbear
is running with -a (Allow connections to forwarded ports from any
host) This could potentially allow arbitrary code execution as root
by an authenticated user.
Fix information disclosure with ~/.ssh/authorized_keys symlink.
Dropbear parsed authorized_keys as root, even if it were a symlink.
The fix is to switch to user permissions when opening authorized_keys.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright