OpenSSH < 4.3 scp Command Line Filename Processing Command Injection
Medium Nessus Plugin ID 44076
SynopsisThe version of SSH running on the remote host has a command injection vulnerability.
DescriptionAccording to its banner, the version of OpenSSH running on the remote host is potentially affected by an arbitrary command execution vulnerability. The scp utility does not properly sanitize user-supplied input prior to using a system() function call. A local attacker could exploit this by creating filenames with shell metacharacters, which could cause arbitrary code to be executed if copied by a user running scp.
SolutionUpgrade to OpenSSH 4.3 or later.