Bugtrag 16369

Darren Tucker dtucker at zip.com.au
Thu Feb 2 18:28:27 EST 2006


On Wed, Feb 01, 2006 at 11:02:32AM -0000, Maula Tinvir wrote:
> I have a some questions about bugtrag 16369 (OpenSSH local SCP Shell
> Command Execution Vulnerability). How exactly can this vulnerability be
> exploited by a local user (I know it can lead to elevated privileges)?  

Assuming that's CVE-2006-0225, it seems that a malicious user must create
a file and then cause (or wait for) the victim to attempt to copy it.

> Is there a patch available for this yet?

The fix is in the just-released OpenSSH 4.3p1, and the patch is over in
the bug: http://bugzilla.mindrot.org/show_bug.cgi?id=1094

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list