Title: OpenSSH scp Command Line Filename Processing Command Injection
Sep 28, 2005
Nov 23, 2005
OpenSSH contains a flaw that may allow an attacker to execute arbitrary commands. The flaw is due to the way OpenSSH's scp utility handles file names during local-to-local copies. During the file name expansion, the utility does not properly sanitize filenames allowing a crafted file name with shell meta-characters. This can be used to trick a user into executing arbitrary commands under with a different set of (potentially higher) privileges.
Local Access Required
Loss of Integrity
Upgrade to version 4.3p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.