sshd scp Traversal Arbitrary File Overwrite

Medium Nessus Plugin ID 11339


The remote host has an application that is affected by a directory traversal issue.


You are running OpenSSH 1.2.3, or 1.2. This version has directory traversal vulnerability in scp, it allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.


Patch and New version are available from SSH/OpenSSH.

Plugin Details

Severity: Medium

ID: 11339

File Name: ssh_scp.nasl

Version: $Revision: 1.11 $

Type: remote

Published: 2003/03/10

Modified: 2011/03/16

Dependencies: 10267

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Vulnerability Publication Date: 2000/09/30

Reference Information

CVE: CVE-2000-0992

BID: 1742

OSVDB: 1586