Info

Disclosure

Apr 06, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Rumored
Disclosure: Vendor Verified

Solution

Upgrade to version 3.4p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

OpenBSD

OpenSSH

3.4

References

Security Tracker: 1011144 1011193
Secunia Advisory ID: 12450 15414 15418 15920 16034 16054 16057 16622 17135 17645 19243
ISS X-Force ID: 16323
CVE ID: 2004-0175 (see also: NVD)
Bugtraq ID: 9986
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt ftp://patches.sgi.com/support/free/security/advisories/20041101-01-P.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:100
http://support.avaya.com/elmodocs2/security/ASA-2005-167.pdf
http://www.juniper.net/support/security/alerts/adv59739.txt
http://www.suse.de/de/security/2004_09_kernel.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc http://rhn.redhat.com/errata/RHSA-2005-074.html
http://rhn.redhat.com/errata/RHSA-2005-106.html
http://www.juniper.net/support/security/alerts/adv59739.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:100
http://www.trustix.org/errata/2005/0031/
Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147
RedHat RHSA: RHSA-2005:567
Keyword: SCOSA-2005.49

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/9550