zen-parseat_private wrote: >SSH allows deletion of other users files. >========================================= > >You can delete any file on the filesystem you want... > >as long as its called cookies. > Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what version(s) of SSH this was tested on. Also: SSH Version OpenSSH_2.3.0 greenat_private 20010321 -- That comes with FreeBSD 4.3-STABLE is not vulnerable at first glance. It does not appear to use /tmp files as yours does and therefore is not vulnerable. Cheers, -JD- -- Jason DiCioccio - geniusjat_private - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 13:49:00 PDT