OpenSSH < 3.4p1 scp Traversal Arbitrary File Overwrite

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

A file transfer client on the remote host could be abused to
overwrite arbitrary files.

Description :

According to its banner, the version of OpenSSH running on the remote
host is earlier than version 3.4p1. Such versions contain an
arbitrary file overwrite vulnerability that could allow a malicious
SSH server to cause the supplied scp utility to write to arbitrary
files outside of the current directory.

See also :

http://www.juniper.net/support/security/alerts/adv59739.txt
https://bugzilla.redhat.com/show_bug.cgi?id=120147
http://www.nessus.org/u?5cc380af

Solution :

Upgrade to OpenSSH 3.4p1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 17701 ()

Bugtraq ID: 9986

CVE ID: CVE-2004-0175