CVE-2017-9079

Name of the Vulnerable Software and Affected Versions Dropbear versions prior to 2017.75 Dropbear (affected versions not specified) is not applicable here as we have specific version information.

Description The issue allows local users to read certain files as root, given that the file has the authorized keys file format with a command= option. This occurs because ~/.ssh/authorized keys is read with root privileges and symlinks are followed.

Recommendations For versions prior to 2017.75, update to version 2017.75 or later to resolve the issue. As a temporary workaround, consider restricting access to the ~/.ssh/authorized keys file to minimize the risk of exploitation.