[suse-security] OpenSSH scp command expansion bug - is it local or remote?
1. Thanks for the patch and announcement today : SUSE-SA:2006:008
2. There seems to have been a co-ordinated disclosure and release of
patches for CVE-2006-0225 on January 25. Why did SuSE (and Debian)
not participate in that? Did the other vendors choose not to
co-ordinate with SuSE (and Debian) ?
3. I have now avidly read the major reports of CVE-2006-0225, most of
which classify it as low priority, and all classify it as local. It
seems to me, from the reports I read, that it is a local privilege
escalation that allows an authenticated scp user to execute arbitrary
shell commands, even if they have scp-only privileges.
I am not in any way a skilled penetration tester - so I have to make a
judgement based on what I read. Have I misunderstood the other
reports, or have the other reports got it right, or have SuSE
discovered something new that makes it indeed a *remote*