search for: scpuser

http://bugzilla.mindrot.org/show_bug.cgi?id=844 Summary: the client copy is over written during scp Product: Portable OpenSSH Version: -current Platform: Other OS/Version: AIX Status: NEW Severity: trivial Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org ReportedBy:

...OUDA.NET> Subject: openssh2.2.p1 - Re: scp file transfer hole To: BUGTRAQ at SECURITYFOCUS.COM In-Reply-To: <Pine.LNX.4.10.10009302120460.852-100000 at localhost> Openssh2.2.0p1 IS vulnerable, but some change is needed in fake scp to exploit it. Using your scripts I could make suid scpuser's file in /tmp, but probably due to some protocol change in scp, the file was empty and scp has died with "lost connection". Since openssh 2.2.0p1 is latest existing version, this vulnerability probably exist in every single scp version in the world. Martin On Sat, 30 Sep...