Source: dropbear
Version: 2025.88-2
Severity: grave
Justification: user security hole
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <[email protected]>
Dropbear upstream has recently released 2025.89 [0] which fixes the following vulnerability [1]:

| Privilege escalation via unix stream forwarding in Dropbear server.
| Other programs on a system may authenticate unix sockets via
| SO_PEERCRED, which would be root user for Dropbear forwarded
| connections, allowing root privilege escalation.
|
| Reported by Turistu, and thanks for advice on the fix.
|
| This is tracked as CVE-2025-14282, and affects 2024.84 to 2025.88.
|
| It is fixed by dropping privileges of the dropbear process after
| authentication. Unix stream sockets are now disallowed when a
| forced command is used, either with authorized_key restrictions or
| "dropbear -c command".
|
| In previous affected releases running with "dropbear -j" (will also
| disable TCP forwarding) or building with
| localoptions.h/distrooptions.h "#define DROPBEAR_SVR_LOCALSTREAMFWD
| 0" is a mitigation.
|
| The full fix of dropping privileges requires the commits in
| https://github.com/mkj/dropbear/pull/391
| https://github.com/mkj/dropbear/pull/394
|
| Unix socket forwarding is now disabled when forced command options
| are used, since it could bypass command restrictions.
| This isn't directly related to the privilege escalation, but could
| allow arbitrary commands to be run as the correct user.

-- 
Guilhem.

[0] https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
[1] https://seclists.org/oss-sec/2025/q4/279
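As an added illustration (not part of this report and not Dropbear's own code), the Python below shows the SO_PEERCRED check that local services perform on a Unix socket, and why the identity it returns is that of the process holding the socket, which for an unpatched Dropbear relaying a forwarded stream is root rather than the authenticated SSH user. All function names and the socketpair scenario are my own constructions; it assumes Linux.

```python
import os
import socket
import struct

# struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid (three C ints).
_UCRED_FMT = "3i"


def peer_credentials(sock):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED_FMT))
    return struct.unpack(_UCRED_FMT, raw)


def authorize(sock, allowed_uids):
    """Admit the client only if the *immediate* peer's uid is in allowed_uids.

    The kernel reports the credentials of the process that connected to the
    socket, nothing more.  When that process is a root-running forwarder
    (the pre-2025.89 Dropbear server relaying a client's unix stream
    request), uid 0 is what the service sees, regardless of which SSH user
    asked for the forward.  Any allow-list that trusts uid 0 is therefore
    only as strong as the forwarder's own access control.
    """
    pid, uid, gid = peer_credentials(sock)
    return uid in allowed_uids, (pid, uid, gid)


def demo():
    # Constructed scenario: a socketpair stands in for a listening Unix
    # socket plus a connecting client; both ends belong to this process,
    # so the peer credentials must match our own pid and uid.
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        ok_self, (pid, uid, _gid) = authorize(server_end, {os.getuid()})
        ok_other, _ = authorize(server_end, {os.getuid() + 1})
        return {
            "authorized_when_own_uid_allowed": ok_self,
            "authorized_when_only_other_uid_allowed": ok_other,
            "peer_pid_is_self": pid == os.getpid(),
            "peer_uid_is_self": uid == os.getuid(),
        }
    finally:
        server_end.close()
        client_end.close()


if __name__ == "__main__":
    print(demo())
```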