wrong. openssh does since the 1st release. On Mon, Jun 04, 2001 at 09:08:26AM -0700, Jason DiCioccio wrote: > [EMAIL PROTECTED] wrote: > > >SSH allows deletion of other users files. > >========================================= > > > >You can delete any file on the filesystem you want... > > > >as long as its called cookies. > > > Is this for OpenSSH, or SSH 1.2.x or? Just kind of curious what > version(s) of SSH this was tested on. > > Also: SSH Version OpenSSH_2.3.0 [EMAIL PROTECTED] 20010321 -- That comes > with FreeBSD 4.3-STABLE > is not vulnerable at first glance. It does not appear to use /tmp files > as yours does and therefore is not vulnerable. > > Cheers, > -JD- > > -- > Jason DiCioccio - [EMAIL PROTECTED] - PGP Key @ http://bsd.st/~geniusj/pgpkey.asc > > >
- SSH allows deletion of other users files... zen-parse
- Re: SSH allows deletion of other users files... Jason DiCioccio
- Re: SSH allows deletion of other users files... Jerry Connolly
- Re: SSH allows deletion of other users files... Markus Friedl
- Re: SSH allows deletion of other users files... aleph1
- Re: SSH allows deletion of other users files... David F. Skoll
- Re: SSH allows deletion of other users files... sarnold
- Re: SSH allows deletion of other users files.... Markus Friedl
- Re: SSH / X11 auth: needless complexity ->... Peter W
- Re: SSH / X11 auth: needless complexity -... Markus Friedl
- Re: SSH / X11 auth: needless complex... Theo de Raadt
- Re: SSH / X11 auth: needless complexity -... Dale Southard
- Re: SSH / X11 auth: needless complex... Casper Dik
- nosymfollow Re: SSH allows deletion of other users fi... Jan Grant
