|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Markus Friedl (markus
openssh.com)Date: Mon Jun 04 2001 - 16:08:38 CDT
wrong. openssh does since the 1st release.
On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote:
> zen-parsegmx.net wrote:
>
> >SSH allows deletion of other users files.
> >=========================================
> >
> >You can delete any file on the filesystem you want...
> >
> >as long as its called cookies.
> >
> Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what
> version(s) of SSH this was tested on.
>
> Also: SSH Version OpenSSH_2.3.0 greenFreeBSD.org 20010321 -- That comes
> with FreeBSD 4.3-STABLE
> is not vulnerable at first glance. It does not appear to use /tmp files
> as yours does and therefore is not vulnerable.
>
> Cheers,
> -JD-
>
> --
> Jason DiCioccio - geniusjbsd.st - PGP Key http://bsd.st/~geniusj/pgpkey.asc
>
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]