- cross-posted to:
- hackernews@derp.foo
You must log in or # to comment.
Is this exploitable? And if so is there a CVE to rectify it?
From the article:
The ssh manpage vaguely alludes to this behaviour with the following sentence: If a command is specified, it will be executed on the remote host instead of a login shell. A complete command line may be specified as command, or it may have additional arguments. If supplied, the arguments will be appended to the command, separated by spaces, before it is sent to the server to be executed.
The sentence I’m referring to is If supplied, the arguments will be appended to the command, separated by spaces, but to my mind it is very unclear and fails to convey the fact that ssh does its own expansion of command line arguments containing spaces themselves.”