>> LSH lshd Seed-file Information Disclosure and Denial of Service Issue
Title : LSH lshd Seed-file Information Disclosure and Denial of Service Issue VUPEN ID : VUPEN/ADV-2006-0301 CVE ID : CVE-2006-0353
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2006-01-23
Technical Description
A vulnerability has been identified in LSH, which could be exploited by local attackers to cause a denial of service or disclose sensitive information. This flaw is due to an error in lshd that leaks the file descriptors of the random generator's seed-file to user shells started by lshd, which could be exploited by malicious users to gain knowledge of sensitive information or cause a denial of service by truncating the server's seed-file.
