|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] OpenSSH scp command expansion bug - is it local or remote?
From: David Corking (lists
dcorking.com)
Date: Tue Feb 14 2006 - 09:52:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
That was quick, Marcus. Thanks!
On 2/14/06, Marcus Meissner <meissnersuse.de> wrote:
> > 1. Thanks for the patch and announcement today : SUSE-SA:2006:008
...
> > 3. I have now avidly read the major reports of CVE-2006-0225, most of
> > whom classify it as low priority, and all classify as local.
> I was undecided too when chosing it, and I do not see a direct threat.
>
> It is post authentication.
>
> The only way I understand this is problematic is when you have a scp-only
> remote configuration and can then execute programs on the remote machine.
That puts my mind at rest. Best regards, David
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]