On Wed, Feb 01, 2006 at 11:02:32AM -0000, Maula Tinvir wrote:
> I have some questions about bugtraq 16369 (OpenSSH local SCP Shell
> Command Execution Vulnerability). How exactly can this vulnerability be
> exploited by a local user (I know it can lead to elevated privileges)?
Assuming that's CVE-2006-0225, it seems that a malicious user must create
a file and then cause (or wait for) the victim to attempt to copy it.
> Is there a patch available for this yet?
The fix is in the just-released OpenSSH 4.3p1, and the patch is over in
the bug: http://bugzilla.mindrot.org/show_bug.cgi?id=1094
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.