CNNVD-202602-2071 Information
CNNVD ID
CNNVD-202602-2071
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
dropbear是Matt Johnston个人开发者的一个应用程序。 dropbear存在安全漏洞,该漏洞源于在多用户模式下,dropbear ssh服务器以root身份执行远程客户端请求的套接字转发,可能导致能够通过ssh登录的用户绕过文件系统限制连接到任何Unix套接字。
Description (English)
Dropbear is an application for Matt Johnston’s personal developer. There is a security loophole in dropbear, which results from the transfer of a patch from the dropbear ssh server to execute a remote client request as root in a multi-user mode, which may result in users able to access the ssh log through the file system to limit access to any Unix package.
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/mkj/dropbear/pull/394 http://www.openwall.com/lists/oss-security/2025/12/16/4 http://www.openwall.com/lists/oss-security/2025/12/17/1 https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html https://bugzilla.redhat.com/show_bug.cgi?id=2420052 https://access.redhat.com/security/cve/CVE-2025-14282 https://github.com/mkj/dropbear/pull/391
Patch
https://github.com/mkj/dropbear/releases
Share on: