wrong. openssh does since the 1st release. On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote: > zen-parseat_private wrote: > > >SSH allows deletion of other users files. > >========================================= > > > >You can delete any file on the filesystem you want... > > > >as long as its called cookies. > > > Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what > version(s) of SSH this was tested on. > > Also: SSH Version OpenSSH_2.3.0 greenat_private 20010321 -- That comes > with FreeBSD 4.3-STABLE > is not vulnerable at first glance. It does not appear to use /tmp files > as yours does and therefore is not vulnerable. > > Cheers, > -JD- > > -- > Jason DiCioccio - geniusjat_private - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc > > >
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 12:21:01 PDT