Mailinglist Archive: opensuse-security (81 mails)

< Previous Next >
OpenSSH scp command expansion bug - is it local or remote?
  • From: David Corking <lists@xxxxxxxxxxxx>
  • Date: Tue, 14 Feb 2006 15:19:58 +0000
  • Message-id: <f7a24bea0602140719m18125388g793197671673a8d0@xxxxxxxxxxxxxx>
1. Thanks for the patch and announcement today : SUSE-SA:2006:008

2. There seems to have been a co-ordinated disclosure and release of
patches for CVE-2006-0225 on January 25. Why did SuSE (and Debian)
not participate in that? Did the other vendors choose not to
co-ordinate with SuSE (and Debian) ?

3. I have now avidly read the majorr reports of CVE-2006-0225, most of
whom classify it as low priority, and all classify as local. It
seems to me, from the reports I read, that it is a local privilege
escalation that allows an
authenticated scp user to execute arbitrary shell commands, even if
they have scp-only privileges.

I am not in any way a skilled penetration tester - so I have to make a
judgement based on what I read. Have I misunderstood the other
reports, or have the other reports got it right, or have SuSE
discovered something new that makes it indeed a *remote*
vulnerability?

David

< Previous Next >
Follow Ups