Bugtrag 16369
Darren Tucker
dtucker at zip.com.au
Thu Feb 2 18:28:27 EST 2006
On Wed, Feb 01, 2006 at 11:02:32AM -0000, Maula Tinvir wrote:
> I have a some questions about bugtrag 16369 (OpenSSH local SCP Shell
> Command Execution Vulnerability). How exactly can this vulnerability be
> exploited by a local user (I know it can lead to elevated privileges)?
Assuming that's CVE-2006-0225, it seems that a malicious user must create
a file and then cause (or wait for) the victim to attempt to copy it.
> Is there a patch available for this yet?
The fix is in the just-released OpenSSH 4.3p1, and the patch is over in
the bug: http://bugzilla.mindrot.org/show_bug.cgi?id=1094
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list