Thanks, this worked.

On 2025-05-13 02:47, Matt Johnston wrote:
> dbclient 'localhost,|touch 123 '

I have a custom CLI as login shell in /etc/passwd, but if I change it to /bin/sh then it works.
>> 2. Both dbclient and ssh are symlinks to the same dropbear binary.
>> Does this CVE apply equally to both, or is it specific to dbclient?
>
> It applies to both.

Thanks. That means I am vulnerable (except for the login shell part that complicates it).
