sshd scp Traversal Arbitrary File Overwrite

This script is Copyright (C) 2003-2011 Xue Yong Zhi


Synopsis :

The remote host has an application that is affected by a
directory traversal issue.

Description :

You are running OpenSSH 1.2.3, or 1.2.

This version has directory traversal vulnerability in scp,
it allows a remote malicious scp server to overwrite arbitrary
files via a .. (dot dot) attack.

Solution :

Patch and New version are available from SSH/OpenSSH.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)

Family: Gain a shell remotely

Nessus Plugin ID: 11339 ()

Bugtraq ID: 1742

CVE ID: CVE-2000-0992