[Bug 805] scp-ing using a regular user created files in ROOT directory which was NOT writable for that user

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 3 13:05:09 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=805

           Summary: scp-ing using a regular user created files in ROOT
                    directory which was NOT writable for that user
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: P2
         Component: scp
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: wim.delvaux at adaptiveplanet.com


Command : 
 
scp SomeLocalFile USER at Host:/ 	# in fact the / was a type-o 
 
Password for USER was given and entered 
 
File was created .. under root of HOST .  However ls -la of that ROOT directory showed 
755 rights and owned by root.  So USER is NOT allowed to write files there. 
 
This can mean that any user can copy a file over the vmlinux kernel 
 
This is a SEVER error. 
 
I do not know if other versions of ssh/scp are affected.  My version is 2.6.1P2 (Debian 
SID)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list