logo       
Google Custom Search
    AddThis Social Bookmark Button
<prev   next>
-->

[SMGLSA-2006:4] openssh vulnerability: msg#00000

Subject: [SMGLSA-2006:4] openssh vulnerability 
openssh:
CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
subshell to perform local to local, and remote to remote copy
operations. This subshell exposed filenames to shell expansion
twice; allowing a local attacker to create filenames containing
shell metacharacters that, if matched by a wildcard, could lead
to execution of attacker-specified commands with the privilege of
the user running scp.

For more info:
Announce: OpenSSH 4.3 released
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=113879773216803&w=2
CVE-2006-0225
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

-----
All openssh users should:
# scribe update
# cast -c openssh

or

# scribe update
# sorcery queue-security
# cast --queue

--
Ladislav Hagara
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Fcron non-exploitable buffer overflow, Andrew \"ruskie\" Levstik
Next by Thread:  Fcron non-exploitable buffer overflow, Andrew \"ruskie\" Levstik
Indexes:  [Date] [Thread] [Top] [All Lists]

    ^^^ ADDITIONAL NAVIGATION ^^^

  
Google Custom Search

Recently Viewed:
handhelds.pocke...    colinux.general...    apache.maven.no...    kde.freebsd/200...    emacs.devel/200...    qnx.openqnx.dev...    lib.fox-toolkit...    genealogy.gramp...    bug-tracking.gn...    yellowdog.gener...    network.zebra.b...    recreation.radi...    mathematics.aba...    internationaliz...    freebsd.devel.n...    xfree86.cvs/200...    security.cyrus....    desktop.xfce.de...    text.xml.french...    video.gimp.deve...    windows.devel.d...    politics.activi...    user-groups.lin...    java.ejb.middle...   
Home | blog view | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo