
scp < 2.1 Traversal File Create/Overwrite

Medium

Synopsis

The remote server may allow attackers to retrieve or modify sensitive files.

Description

The remote host is running SSH 1.2.3 or 1.2 (as a client). This version has a directory traversal vulnerability that allows a malicious scp server to overwrite arbitrary files on the client. An attacker may use this flaw to compromise this host. To exploit it, the attacker would first have to compromise a host that users of this host SSH into, and then set up a trojaned version of scp there, which would overwrite files on this host.
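The check a client needs against this class of bug, as an added example (not code from this page or from the SSH project): validate each control record the remote side sends before creating anything locally. It assumes the rcp-style records scp uses, `C<mode> <size> <name>` for files and `D<mode> 0 <name>` for directories; `check_scp_record` and the `REC_*` codes are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not the SSH project's code. Validates one control record
 * received from the remote side of an scp transfer before the client
 * creates anything on disk. Assumed layout: "C<mode> <size> <name>\n" for
 * a file, "D<mode> 0 <name>\n" for a directory. */
enum { REC_OK = 0, REC_MALFORMED = -1, REC_BAD_NAME = -2 };

/* Returns REC_OK and copies the leaf name into out, or a negative code. */
int check_scp_record(const char *rec, char *out, size_t outlen)
{
    const char *p = rec;
    char *end;
    size_t n;
    int i;

    if (*p != 'C' && *p != 'D')
        return REC_MALFORMED;
    p++;
    /* Mode: exactly four octal digits followed by a space. */
    for (i = 0; i < 4; i++, p++)
        if (*p < '0' || *p > '7')
            return REC_MALFORMED;
    if (*p++ != ' ')
        return REC_MALFORMED;
    /* Size: decimal digits followed by a space. */
    if (*p < '0' || *p > '9')
        return REC_MALFORMED;
    (void)strtoull(p, &end, 10);
    if (*end != ' ')
        return REC_MALFORMED;
    p = end + 1;
    /* Name: everything up to the terminating newline. */
    n = strcspn(p, "\n");
    if (p[n] != '\n' || n == 0 || n >= outlen)
        return REC_MALFORMED;
    /* The remote side may only name an entry inside the target directory:
     * no path separators, and neither "." nor "..". */
    if (memchr(p, '/', n) != NULL ||
        (n == 1 && p[0] == '.') ||
        (n == 2 && p[0] == '.' && p[1] == '.'))
        return REC_BAD_NAME;
    memcpy(out, p, n);
    out[n] = '\0';
    return REC_OK;
}
```

A client that aborts the transfer on anything other than `REC_OK` never opens a path outside the directory the user chose as the destination.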

Solution

Upgrade to version 2.1 or higher.