Vulnerability Note VU#655259
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd.
sshd is the server software used to support ssh, a popular encryted connection program. Some versions of OpenSSH fail to handle temporary files in a secure fashion, allowing their removal during an ssh session. This removal may be reflected in the removal of files named "cookies" on the server. Since sshd runs setuid root, ownership and protection of the "cookies" file will be disregarded.
Using this exploit, an attacker may cause loss of data, particularly web location data used in many web sites.
Apply vendor patches; see the Systems Affected section below.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Caldera||Affected||03 Jul 2001||09 Aug 2001|
|Conectiva||Affected||04 Jun 2001||15 Nov 2001|
|Immunix||Affected||04 Jun 2001||15 Nov 2001|
|NetBSD||Affected||-||31 Jul 2001|
|OpenBSD||Affected||12 Jun 2001||21 Aug 2001|
|OpenSSH||Affected||12 Jun 2001||21 Aug 2001|
CVSS Metrics (Learn More)
This vulnerability was initially reported on the Bugtraq discussion list.
This document was last modified by Tim Shimeall.
- CVE IDs: CAN-2001-0529
- Date Public: 12 Jun 2001
- Date First Published: 21 Aug 2001
- Date Last Updated: 15 Nov 2001
- Severity Metric: 0.76
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.