|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jason DiCioccio (geniusj
bsd.st)Date: Mon Jun 04 2001 - 11:08:26 CDT
zen-parsegmx.net wrote:
>SSH allows deletion of other users files.
>=========================================
>
>You can delete any file on the filesystem you want...
>
>as long as its called cookies.
>
Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what
version(s) of SSH this was tested on.
Also: SSH Version OpenSSH_2.3.0 greenFreeBSD.org 20010321 -- That comes
with FreeBSD 4.3-STABLE
is not vulnerable at first glance. It does not appear to use /tmp files
as yours does and therefore is not vulnerable.
Cheers,
-JD-
-- Jason DiCioccio - geniusj
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]