Bugtraq mailing list archives
Re: SSH allows deletion of other users files...
From: Jerry Connolly <jerry.connolly () eircom net>
Date: Tue, 5 Jun 2001 14:31:42 +0100
Jason DiCioccio said the following on Mon, Jun 04, 2001 at 09:08:26AM -0700,
Also: SSH Version OpenSSH_2.3.0 green () FreeBSD org 20010321 -- That comes with FreeBSD 4.3-STABLE is not vulnerable at first glance. It does not appear to use /tmp files as yours does and therefore is not vulnerable.
I tested it on OpenSSH_2.5.2 on OpenBSD and it worked. I had to enable X forwarding on the client and server before the remote machine would create (and attempt to unlink() ) the cookies file. The offending code is in session.c in the xauthfile_cleanup_proc() function <SNIP> /* * Remove local Xauthority file. */ void xauthfile_cleanup_proc(void *ignore) { debug("xauthfile_cleanup_proc called"); if (xauthfile != NULL) { char *p; unlink(xauthfile); </SNIP> where xauthfile points to a buffer containing the name of the cookies file. Cheers. -- Jerry Connolly Computer Incident Response Team jerry.connolly () eircom net Eircom Multimedia
Current thread:
- SSH allows deletion of other users files... zen-parse (Jun 04)
- Re: SSH allows deletion of other users files... Jason DiCioccio (Jun 04)
- Re: SSH allows deletion of other users files... Dan Astoorian (Jun 05)
- Re: SSH allows deletion of other users files... Jerry Connolly (Jun 05)
- Re: SSH allows deletion of other users files... Markus Friedl (Jun 05)
- Re: SSH allows deletion of other users files... aleph1 (Jun 05)
- Re: SSH allows deletion of other users files... David F. Skoll (Jun 04)
- Re: SSH allows deletion of other users files... sarnold (Jun 05)
- Re: SSH allows deletion of other users files... Markus Friedl (Jun 04)
- Re: SSH / X11 auth: needless complexity -> security problems? Peter W (Jun 05)
- Re: SSH / X11 auth: needless complexity -> security problems? Markus Friedl (Jun 08)
- Re: SSH / X11 auth: needless complexity -> security problems? Theo de Raadt (Jun 10)
- Message not available
- Message not available
- Re: SSH / X11 auth: needless complexity -> security problems? Dale Southard (Jun 08)
- Re: SSH / X11 auth: needless complexity -> security problems? Casper Dik (Jun 10)
- Re: SSH allows deletion of other users files... sarnold (Jun 05)
- Re: SSH allows deletion of other users files... Jason DiCioccio (Jun 04)