Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SSH allows deletion of other users files...
From: Markus Friedl <markus () openssh com>
Date: Mon, 4 Jun 2001 23:08:38 +0200

wrong. openssh does since the 1st release.

On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote:
zen-parse () gmx net wrote:

SSH allows deletion of other users files.

You can delete any file on the filesystem you want...

as long as its called cookies.

Is this for OpenSSH, or SSH 1.2.x or?  Just kind of curious what 
version(s) of SSH this was tested on.

Also: SSH Version OpenSSH_2.3.0 green () FreeBSD org 20010321 -- That comes 
with FreeBSD 4.3-STABLE
is not vulnerable at first glance.  It does not appear to use /tmp files 
as yours does and therefore is not vulnerable.


Jason DiCioccio - geniusj () bsd st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]