mailing list archives
Re: SSH allows deletion of other users files...
From: Jason DiCioccio <geniusj () bsd st>
Date: Mon, 04 Jun 2001 09:08:26 -0700
zen-parse () gmx net wrote:
Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what
version(s) of SSH this was tested on.
SSH allows deletion of other users files.
You can delete any file on the filesystem you want...
as long as its called cookies.
Also: SSH Version OpenSSH_2.3.0 green () FreeBSD org 20010321 -- That comes
with FreeBSD 4.3-STABLE
is not vulnerable at first glance. It does not appear to use /tmp files
as yours does and therefore is not vulnerable.
Jason DiCioccio - geniusj () bsd st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc