Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-13 Thread Dave Hart
You are probably already aware, but Cloudflare is throwing error 525 pages for Dropbear-related sites failing to establish connections to the origin servers: https://matt.ucc.asn.au/dropbear/dropbear.html https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html No need to follow up w

Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-13 Thread Albert Veli
Thanks, this worked. On 2025-05-13 02:47, Matt Johnston wrote: dbclient 'localhost,|touch 123 ' Although I have a custom CLI as login shell in /etc/passwd, but if I change it to /bin/sh then it works. 2. Both dbclient and ssh are symlinks to the same dropbear binary. Does this CVE apply equal

Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-12 Thread Matt Johnston
Hi Albert, 2024.86 is affected. On 2025-05-13 2:47 am, Albert Veli wrote: I'm currently triaging CVE-2025-47203 to determine whether an embedded system we maintain is actually affected. It runs 2024.86, and is built with DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_MULTIHOP enabled. However, despit

Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-12 Thread Albert Veli
Hi! On 2025-05-09 18:15, Alan Coopersmith wrote: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html announces the release of Dropbear SSH 2025.88 including this fix: - Security: Don't allow dbclient hostname arguments to be interpreted by the shell. dbclient hostname ar

[oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-09 Thread Alan Coopersmith
https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html announces the release of Dropbear SSH 2025.88 including this fix: - Security: Don't allow dbclient hostname arguments to be interpreted by the shell. dbclient hostname arguments with a comma (for multihop) would be pass