Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-13 Thread Albert Veli
Thanks, this worked. On 2025-05-13 02:47, Matt Johnston wrote: dbclient 'localhost,|touch 123 ' Although I have a custom CLI as login shell in /etc/passwd, but if I change it to /bin/sh then it works. 2. Both dbclient and ssh are symlinks to the same dropbear binary. Does this CVE apply equal

Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-12 Thread Albert Veli
Hi! On 2025-05-09 18:15, Alan Coopersmith wrote: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html announces the release of Dropbear SSH 2025.88 including this fix: - Security: Don't allow dbclient hostname arguments to be interpreted   by the shell.   dbclient hostname ar

Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-24 Thread Albert Veli
Hi, On Wed, Apr 23, 2025 at 10:51 PM Salvatore Bonaccorso wrote: > > FTR, this one has assigned CVE-2025-46394 > ... > FTR, this one has CVE-2024-58251 assigned. From what I can tell the latest release is busybox-1.37.0. Are these fixed in this release? If not, do you have any link to patches