[Bug 805] scp-ing using a regular user created files in ROOT directory which was NOT writable for that user
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Mar 3 13:05:09 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=805
Summary: scp-ing using a regular user created files in ROOT
directory which was NOT writable for that user
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: scp
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: wim.delvaux at adaptiveplanet.com
Command :
scp SomeLocalFile USER at Host:/ # in fact the / was a type-o
Password for USER was given and entered
File was created .. under root of HOST . However ls -la of that ROOT directory showed
755 rights and owned by root. So USER is NOT allowed to write files there.
This can mean that any user can copy a file over the vmlinux kernel
This is a SEVER error.
I do not know if other versions of ssh/scp are affected. My version is 2.6.1P2 (Debian
SID)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list