Date: Wed, 02 Apr 2008 08:49:53 -0800 From: Jonathan Smith <smithj@...ethemallocs.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com Subject: CVE request: openssh "ForceCommand" improperly implemented -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://secunia.com/advisories/29602/ https://bugs.gentoo.org/show_bug.cgi?id=215702 https://issues.rpath.com/browse/RPL-2419 It looks to be a rather minor issue since ~/.ssh/rc is usually 0600 and ~/.ssh is usually 0700. smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (GNU/Linux) iEYEARECAAYFAkfzuTEACgkQCG91qXPaRekKzwCdEnSwrkEVCXR8NzZEXCBkpXe/ 2O4Ani9EzXE2CUGpYEJj8+P8O06UarYO =wKkZ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.