OpenSSH < 2.9.9 / 2.9p2 Symbolic Link 'cookies' File Removal

This script is Copyright (C) 2011 Tenable Network Security, Inc.

Synopsis :

Local attackers may be able to delete arbitrary files.

Description :

According to the banner, OpenSSH earlier than 2.9.9 / 2.9p2 is
running on the remote host. Such versions contain an arbitrary file
deletion vulnerability. Due to insecure handling of temporary files, a
local attacker can cause sshd to delete any file it can access named

See also :

Solution :

Upgrade to OpenSSH 2.9.9 / 2.9p2 or later.

Risk factor :

Low / CVSS Base Score : 3.3
CVSS Temporal Score : 2.9
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 44071 ()

Bugtraq ID: 2825

CVE ID: CVE-2001-0529