{"vuid":"VU#655259","idnumber":"655259","name":"OpenSSH allows arbitrary file deletion via symlink redirection of temporary file","keywords":["OpenSSH","symlink","/tmp","temp","temporary file","cookie","X11 forwarding","sshd"],"overview":"Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named \"cookies\" accessible via the computer running sshd.","clean_desc":"sshd is the server software used to support ssh, a popular encrypted connection program. Some versions of OpenSSH fail to handle temporary files in a secure fashion, allowing their removal during an ssh session. This removal may be reflected in the removal of files named \"cookies\" on the server. Since sshd runs setuid root, ownership and protection of the \"cookies\" file will be disregarded.","impact":"Using this exploit, an attacker may cause loss of data, particularly web location data used in many web sites.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"This vulnerability was initially reported on the Bugtraq discussion list.","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/2825","ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc","http://www.openbsd.org/errata.html#sshcookie","http://www.linuxsecurity.com/advisories/other_advisory-1666.html","http://www.linuxsecurity.com/advisories/other_advisory-1654.html"],"cveids":["CVE-2001-0529"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-06-12T13:38:23Z","publicdate":"2001-06-12T00:00:00Z","datefirstpublished":"2001-08-21T15:50:41Z","dateupdated":"2001-11-15T16:59:03Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"10","cam_impact":"3","cam_easeofexploitation":"9","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.759375","cam_scorecurrentwidelyknown":"1.0125","cam_scorecurrentwidelyknownexploited":"2.025","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.759375,"vulnote":null}