Bugtraq mailing list archives
Re: SSH allows deletion of other users files...
From: Jason DiCioccio <geniusj () bsd st>
Date: Mon, 04 Jun 2001 09:08:26 -0700
zen-parse () gmx net wrote:
Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what version(s) of SSH this was tested on.SSH allows deletion of other users files. ========================================= You can delete any file on the filesystem you want... as long as its called cookies.
Also: SSH Version OpenSSH_2.3.0 green () FreeBSD org 20010321 -- That comes with FreeBSD 4.3-STABLE is not vulnerable at first glance. It does not appear to use /tmp files as yours does and therefore is not vulnerable.
Cheers, -JD- -- Jason DiCioccio - geniusj () bsd st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc
Current thread:
- SSH allows deletion of other users files... zen-parse (Jun 04)
- Re: SSH allows deletion of other users files... Jason DiCioccio (Jun 04)
- Re: SSH allows deletion of other users files... Dan Astoorian (Jun 05)
- Re: SSH allows deletion of other users files... Jerry Connolly (Jun 05)
- Re: SSH allows deletion of other users files... Markus Friedl (Jun 05)
- Re: SSH allows deletion of other users files... aleph1 (Jun 05)
- Re: SSH allows deletion of other users files... David F. Skoll (Jun 04)
- Re: SSH allows deletion of other users files... sarnold (Jun 05)
- Re: SSH allows deletion of other users files... Markus Friedl (Jun 04)
- Re: SSH / X11 auth: needless complexity -> security problems? Peter W (Jun 05)
- Re: SSH / X11 auth: needless complexity -> security problems? Markus Friedl (Jun 08)
- Re: SSH / X11 auth: needless complexity -> security problems? Theo de Raadt (Jun 10)
- Re: SSH allows deletion of other users files... sarnold (Jun 05)
- Re: SSH allows deletion of other users files... Jason DiCioccio (Jun 04)