This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The version of SSH running on the remote host has a command injection
According to its banner, the version of OpenSSH running on the remote
host is potentially affected by an arbitrary command execution
vulnerability. The scp utility does not properly sanitize
user-supplied input prior to using a system() function call. A local
attacker could exploit this by creating filenames with shell
metacharacters, which could cause arbitrary code to be executed if
copied by a user running scp.
See also :
Upgrade to OpenSSH 4.3 or later.
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.8
Public Exploit Available : true
Nessus Plugin ID: 44076 ()
Bugtraq ID: 16369
CVE ID: CVE-2006-0225
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.