Full Disclosure mailing list archives

Re: SSH/OPENSSH HOLE ALL VERSIONS.


From: ull-disclosure () lists netsys com
Date: Tue, 4 Mar 2003 19:21:56 -0500 (EST)

A user who can successfully convince another user to write his ssh public key
to ~/.ssh/authorized_keys will be able to gain access to that machine under
that user's privileges.

Worse than that, if you can get them to add your username and password to
root you can get root privileges.

Imagine that.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

