[EMAIL PROTECTED] wrote: >SSH allows deletion of other users files. >========================================= > >You can delete any file on the filesystem you want... > >as long as its called cookies. > Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what version(s) of SSH this was tested on. Also: SSH Version OpenSSH_2.3.0 [EMAIL PROTECTED] 20010321 -- That comes with FreeBSD 4.3-STABLE is not vulnerable at first glance. It does not appear to use /tmp files as yours does and therefore is not vulnerable. Cheers, -JD- -- Jason DiCioccio - [EMAIL PROTECTED] - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc
- SSH allows deletion of other users files... zen-parse
- Re: SSH allows deletion of other users files... Jason DiCioccio
- Re: SSH allows deletion of other users files... Jerry Connolly
- Re: SSH allows deletion of other users files... Markus Friedl
- Re: SSH allows deletion of other users files... aleph1
- Re: SSH allows deletion of other users files... David F. Skoll
- Re: SSH allows deletion of other users files... sarnold
- Re: SSH allows deletion of other users files.... Markus Friedl
- Re: SSH / X11 auth: needless complexity ->... Peter W
- Re: SSH / X11 auth: needless complexity -... Markus Friedl
- Re: SSH / X11 auth: needless complex... Theo de Raadt
- Re: SSH / X11 auth: needless complexity -... Dale Southard