Bugtraq mailing list archives
Re: SSH allows deletion of other users files...
From: Markus Friedl <markus () openssh com>
Date: Mon, 4 Jun 2001 23:08:38 +0200
wrong. openssh does since the 1st release. On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote:
zen-parse () gmx net wrote:SSH allows deletion of other users files. ========================================= You can delete any file on the filesystem you want... as long as its called cookies.Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what version(s) of SSH this was tested on. Also: SSH Version OpenSSH_2.3.0 green () FreeBSD org 20010321 -- That comes with FreeBSD 4.3-STABLE is not vulnerable at first glance. It does not appear to use /tmp files as yours does and therefore is not vulnerable. Cheers, -JD- -- Jason DiCioccio - geniusj () bsd st - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc
Current thread:
- SSH allows deletion of other users files... zen-parse (Jun 04)
- Re: SSH allows deletion of other users files... Jason DiCioccio (Jun 04)
- Re: SSH allows deletion of other users files... Dan Astoorian (Jun 05)
- Re: SSH allows deletion of other users files... Jerry Connolly (Jun 05)
- Re: SSH allows deletion of other users files... Markus Friedl (Jun 05)
- Re: SSH allows deletion of other users files... aleph1 (Jun 05)
- Re: SSH allows deletion of other users files... David F. Skoll (Jun 04)
- Re: SSH allows deletion of other users files... sarnold (Jun 05)
- Re: SSH allows deletion of other users files... Markus Friedl (Jun 04)
- Re: SSH / X11 auth: needless complexity -> security problems? Peter W (Jun 05)
- Re: SSH / X11 auth: needless complexity -> security problems? Markus Friedl (Jun 08)
- Re: SSH / X11 auth: needless complexity -> security problems? Theo de Raadt (Jun 10)
- Message not available
- Message not available
- Re: SSH / X11 auth: needless complexity -> security problems? Dale Southard (Jun 08)
- Re: SSH / X11 auth: needless complexity -> security problems? Casper Dik (Jun 10)
- Re: SSH allows deletion of other users files... sarnold (Jun 05)
- Re: SSH allows deletion of other users files... Jason DiCioccio (Jun 04)