source: http://www.securityfocus.com/bid/4547/info SSH (and derivatives) is the protocol Secure Shell protocol implementation. It is available for various operating systems, although this vulnerability affects operating systems such as Unix and Linux. It has been reported that it is possible for a remote user to upload files to world-writeable directories, and execute commands from world-writeable directories. In doing so, a user may be able to upload a script, and execute the script to gain access to a regular shell on the system. This would allow the user unrestricted, but unprivileged access. After uploading 'malicious' to /tmp: ssh -l user host '/tmp/malicious'
Related ExploitsTrying to match CVEs (1): CVE-2002-1715
Trying to match OSVDBs (1): 23589
Other Possible E-DB Search Terms: SSH2 3.0, SSH2
|2008-02-17||freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service||Luigi Auriemma|
|2001-07-21||SSH2 3.0 - Short Password Login||hypoclear|