Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SSH allows deletion of other users files...
From: Jason DiCioccio <geniusj () bsd st>
Date: Mon, 04 Jun 2001 09:08:26 -0700

zen-parse () gmx net wrote:

SSH allows deletion of other users files.

You can delete any file on the filesystem you want...

as long as its called cookies.

Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what version(s) of SSH this was tested on.

Also: SSH Version OpenSSH_2.3.0 green () FreeBSD org 20010321 -- That comes with FreeBSD 4.3-STABLE is not vulnerable at first glance. It does not appear to use /tmp files as yours does and therefore is not vulnerable.


Jason DiCioccio - geniusj () bsd st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]