Strange sftp input parameter handling, user assisted code execution?
Damien Miller
djm at mindrot.org
Wed Jun 18 08:33:25 EST 2008
On Wed, 18 Jun 2008, Damien Miller wrote:
> On Tue, 17 Jun 2008, Roman Fiedler wrote:
>
> > Hello list,
> >
> > I use openssh-client 1:4.7p1-8ubuntu1.2. After authentication:
> >
> > sftp> get !xxxx
> > /bin/bash: xxxx: command not found
> > Shell exited with status 127
>
> Can you reproduce this with OpenSSH 5.0p1?
I can't reproduce this with 5.0, but I can with 4.7p1 so I guess
it was fixed in my sftp argument processing rewrite.
-d
More information about the openssh-unix-dev
mailing list