cvs commit: src/crypto/openssh-3.9p1 misc.c misc.h scp.c sftp.c src/crypto/openssh-4 misc.c misc.h scp.c sftp.c
Simon Schubert
corecode at crater.dragonflybsd.org
Mon Feb 13 07:26:01 PST 2006
corecode 2006/02/13 07:23:35 PST
DragonFly src repository
Modified files: (Branch: DragonFly_RELEASE_1_2)
crypto/openssh-3.9p1 misc.c misc.h scp.c sftp.c
Modified files: (Branch: DragonFly_RELEASE_1_4)
crypto/openssh-4 misc.c misc.h scp.c sftp.c
Log:
Fix a possible local privilege escalation bug in scp.
From CVE-2006-0225:
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via
filenames that contain shell metacharacters or spaces, which are expanded
twice.
Noted-by: joerg
Revision Changes Path
1.1.2.1 +40 -3 src/crypto/openssh-3.9p1/Attic/misc.c
1.1.2.1 +6 -2 src/crypto/openssh-3.9p1/Attic/misc.h
1.1.2.1 +91 -48 src/crypto/openssh-3.9p1/Attic/scp.c
1.1.2.1 +4 -2 src/crypto/openssh-3.9p1/Attic/sftp.c
1.2.2.1 +40 -3 src/crypto/openssh-4/misc.c
1.2.2.1 +5 -1 src/crypto/openssh-4/misc.h
1.2.2.1 +87 -45 src/crypto/openssh-4/scp.c
1.2.2.1 +4 -2 src/crypto/openssh-4/sftp.c
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-3.9p1/Attic/misc.c.diff?r1=1.1&r2=1.1.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-3.9p1/Attic/misc.h.diff?r1=1.1&r2=1.1.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-3.9p1/Attic/scp.c.diff?r1=1.1&r2=1.1.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-3.9p1/Attic/sftp.c.diff?r1=1.1&r2=1.1.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-4/misc.c.diff?r1=1.2&r2=1.2.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-4/misc.h.diff?r1=1.2&r2=1.2.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-4/scp.c.diff?r1=1.2&r2=1.2.2.1&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/openssh-4/sftp.c.diff?r1=1.2&r2=1.2.2.1&f=u
More information about the Commits
mailing list