Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dropbear: privilege escalation via unix domain socket forwardings
Vulnerability Description
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
dropbear 安全漏洞
Vulnerability Description
dropbear是Matt Johnston个人开发者的一个应用程序。 dropbear存在安全漏洞,该漏洞源于在多用户模式下,dropbear ssh服务器以root身份执行远程客户端请求的套接字转发,可能导致能够通过ssh登录的用户绕过文件系统限制连接到任何Unix套接字。
CVSS Information
N/A
Vulnerability Type
N/A