[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] OpenSSH scp command expansion bug - is it local or remote?

1. Thanks for the patch and announcement today : SUSE-SA:2006:008

2. There seems to have been a co-ordinated disclosure and release of
patches for CVE-2006-0225 on January 25.  Why did SuSE (and Debian)
not participate in that?   Did the other vendors choose not to
co-ordinate with SuSE (and Debian) ?

3. I have now avidly read the majorr reports of CVE-2006-0225, most of
whom classify it as low priority, and all classify as local.   It
seems to me, from the reports I read, that it is a local privilege
escalation that allows an
authenticated scp user to execute arbitrary shell commands, even if
they have scp-only privileges.

I am not in any way a skilled penetration tester - so I have to make a
judgement based on what I read.  Have I misunderstood the other
reports, or have the other reports got it right, or have SuSE
discovered something new that makes it indeed a *remote*


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here