[20866] in bugtraq
Re: SSH allows deletion of other users files...
daemon@ATHENA.MIT.EDU (Markus Friedl)
Tue Jun 5 15:20:36 2001
Date: Mon, 4 Jun 2001 23:08:38 +0200
From: Markus Friedl <markus@openssh.com>
To: Jason DiCioccio <geniusj@bsd.st>
Cc: zen-parse@gmx.net, bugtraq@securityfocus.com
Message-ID: <20010604230838.A9530@faui02.informatik.uni-erlangen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <3B1BB27A.1020104@bsd.st>; from geniusj@bsd.st on Mon, Jun 04, 2001 at 09:08:26AM -0700

wrong. openssh does since the 1st release.

On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote:
> zen-parse@gmx.net wrote:
>
> >SSH allows deletion of other users files.
> >=========================================
> >
> >You can delete any file on the filesystem you want...
> >
> >as long as it's called cookies.
> >
> Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what
> version(s) of SSH this was tested on.
>
> Also: SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321 -- That comes
> with FreeBSD 4.3-STABLE
> is not vulnerable at first glance. It does not appear to use /tmp files
> as yours does and therefore is not vulnerable.
>
> Cheers,
> -JD-
>
> --
> Jason DiCioccio - geniusj@bsd.st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc
>
>
>