Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)

infosec.exchange

Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)

infosec.exchange

Diluvian@infosec.pub to

blueteamsec@infosec.pubEnglish · 6 months ago

David Leadbeater (@dgl@infosec.exchange)

infosec.exchange

If you have a bash command line of "exec program ..." and you can control the "..." can you make it not run the exec and do something different? The answer is yes. Even if "..." is somewhat sanitised for shell metacharacters. If you can inject $[+] it will make bash error on that line and run the next. This is how https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 works.

You must log in or # to comment.

Chat

blueteamsec@infosec.pub

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

16 users / day
74 users / week
226 users / month
851 users / 6 months
2 local subscribers
669 subscribers
2.89K Posts
185 Comments
Modlog

mods:
digicat@infosec.pub