OpenSSH < 4.3 scp Command Line Filename Processing Command Injection

medium Nessus Plugin ID 44076

Synopsis

The version of SSH running on the remote host has a command injection vulnerability.

Description

According to its banner, the version of OpenSSH running on the remote host is potentially affected by an arbitrary command execution vulnerability. The scp utility does not properly sanitize user-supplied input prior to using a system() function call. A local attacker could exploit this by creating files whose names contain shell metacharacters, which could cause arbitrary code to be executed if those files are copied by a user running scp.
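The banner comparison that the Description relies on can be sketched as follows. This is an added example, not the code of openssh_43.nasl; the function name, status strings and sample banners are assumptions constructed for illustration. A banner carries only the upstream version string, so a vendor build with a backported fix still reports as potentially affected and needs a package-level check.

```python
import re

# First fixed release, taken from the Solution on this page.
FIXED = (4, 3)

# SSH identification string: SSH-<proto>-<software>[ <comment>]
# Only banners of the form OpenSSH_<major>.<minor>... are recognised.
_BANNER = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)\S*"
    r"(?: (?P<comment>.+))?$"
)


def assess_banner(banner):
    """Classify an SSH banner against the 4.3 fix.

    Returns (status, version, vendor_comment):
      status  - 'potentially-affected', 'not-affected' or 'unknown'
      version - (major, minor) tuple, or None if not parsed
      vendor_comment - trailing comment field (often a distro tag), or None
    """
    m = _BANNER.match(banner.strip())
    if m is None:
        # Not OpenSSH, or a format this sketch does not understand.
        return ("unknown", None, None)
    # Compare as integers: a string compare would rank "10.0" below "4.3".
    version = (int(m.group("major")), int(m.group("minor")))
    status = "not-affected" if version >= FIXED else "potentially-affected"
    return (status, version, m.group("comment"))


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_4.2p1",
        "SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3",  # vendor tag: verify package
        "SSH-1.99-OpenSSH_3.6.1p2",
        "SSH-2.0-OpenSSH_4.3",
        "SSH-2.0-OpenSSH_10.0",
        "SSH-2.0-dropbear_2019.78",
    ]
    for s in samples:
        print(s, "->", assess_banner(s))
```

A result of 'potentially-affected' with a vendor comment is the case to confirm against the installed package's changelog before treating it as a finding.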

Solution

Upgrade to OpenSSH 4.3 or later.

See Also

https://bugzilla.mindrot.org/show_bug.cgi?id=1094

http://www.openssh.com/txt/release-4.3

Plugin Details

Severity: Medium

ID: 44076

File Name: openssh_43.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 10/4/2011

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Ease: No known exploits are available

Patch Publication Date: 2/1/2006

Vulnerability Publication Date: 9/28/2005

Reference Information

CVE: CVE-2006-0225

BID: 16369