OpenSSH < 4.3 scp Command Line Filename Processing Command Injection

Medium Nessus Plugin ID 44076


The version of SSH running on the remote host has a command injection vulnerability.


According to its banner, the version of OpenSSH running on the remote host is potentially affected by an arbitrary command execution vulnerability. The scp utility does not properly sanitize user-supplied input prior to using a system() function call. A local attacker could exploit this by creating filenames with shell metacharacters, which could cause arbitrary code to be executed if copied by a user running scp.


Upgrade to OpenSSH 4.3 or later.

See Also

Plugin Details

Severity: Medium

ID: 44076

File Name: openssh_43.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2011/10/04

Modified: 2016/10/17

Dependencies: 10267

Risk Information

Risk Factor: Medium


Base Score: 4.6

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:ND/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2006/02/01

Vulnerability Publication Date: 2005/09/28

Reference Information

CVE: CVE-2006-0225

BID: 16369

OSVDB: 22692