Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Markus Friedl (markusopenssh.com)
Date: Mon Jun 04 2001 - 16:08:38 CDT
wrong. openssh does since the 1st release.
On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote:
> zen-parsegmx.net wrote:
> >SSH allows deletion of other users files.
> >You can delete any file on the filesystem you want...
> >as long as its called cookies.
> Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what
> version(s) of SSH this was tested on.
> Also: SSH Version OpenSSH_2.3.0 greenFreeBSD.org 20010321 -- That comes
> with FreeBSD 4.3-STABLE
> is not vulnerable at first glance. It does not appear to use /tmp files
> as yours does and therefore is not vulnerable.
> Jason DiCioccio - geniusjbsd.st - PGP Key http://bsd.st/~geniusj/pgpkey.asc