OpenSSH < 2.9.9 / 2.9p2 Symbolic Link 'cookies' File Removal

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

Local attackers may be able to delete arbitrary files.

Description :

According to the banner, OpenSSH earlier than 2.9.9 / 2.9p2 is
running on the remote host. Such versions contain an arbitrary file
deletion vulnerability. Due to insecure handling of temporary files, a
local attacker can cause sshd to delete any file it can access named
'cookies'.

See also :

http://www.openssh.com/txt/release-2.9.9
http://www.openssh.com/txt/release-2.9p2
http://www.openssh.org/security.html

Solution :

Upgrade to OpenSSH 2.9.9 / 2.9p2 or later.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 2.9
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 44071 ()

Bugtraq ID: 2825

CVE ID: CVE-2001-0529