Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SSH/OPENSSH HOLE ALL VERSIONS.
From: ull-disclosure () lists netsys com
Date: Tue, 4 Mar 2003 19:21:56 -0500 (EST)

A user who can successfully convince another user to write his ssh public key
to ~/.ssh/authorized_keys will be able to gain access to that machine under
that user's priveledges.

Worse than that, if you can get them to add your username and password to
root you can get root privledges.

Imagine that.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]