Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)

infosec.exchange

Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)

infosec.exchange

Diluvian to

blueteamsecEnglish · 5 months ago

David Leadbeater (@dgl@infosec.exchange)

infosec.exchange

If you have a bash command line of "exec program ..." and you can control the "..." can you make it not run the exec and do something different? The answer is yes. Even if "..." is somewhat sanitised for shell metacharacters. If you can inject $[+] it will make bash error on that line and run the next. This is how https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 works.

You must log in or # to comment.

Chat

blueteamsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

20 users / day
81 users / week
265 users / month
960 users / 6 months
228 local subscribers
664 subscribers
2.78K Posts
216 Comments
Modlog

mods:
digicat