This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The version of SSH running on the remote host has a command injection
According to its banner, the version of OpenSSH running on the remote
host is potentially affected by an arbitrary command execution
vulnerability. The scp utility does not properly sanitize
user-supplied input prior to using a system() function call. A local
attacker could exploit this by creating filenames with shell
metacharacters, which could cause arbitrary code to be executed if
copied by a user running scp.
See also :
Upgrade to OpenSSH 4.3 or later.
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.8
Public Exploit Available : true