Full Disclosure mailing list archives
Re: SSH/OPENSSH HOLE ALL VERSIONS.
From: ull-disclosure () lists netsys com
Date: Tue, 4 Mar 2003 19:21:56 -0500 (EST)
A user who can successfully convince another user to write his ssh public key to ~/.ssh/authorized_keys will be able to gain access to that machine under that user's priveledges.
Worse than that, if you can get them to add your username and password to root you can get root privledges. Imagine that. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SSH/OPENSSH HOLE ALL VERSIONS. diacetyl (Mar 04)
- Re: SSH/OPENSSH HOLE ALL VERSIONS. Eric LeBlanc (Mar 04)
- Re: SSH/OPENSSH HOLE ALL VERSIONS. ull-disclosure (Mar 04)
- Re: SSH/OPENSSH HOLE ALL VERSIONS. aeonflux (Mar 08)