Bug#349645: ssh: local code execution in scp [CVE-2006-0225]



Package: ssh
Severity: important
Tags: security patch

Hi!

http://bugzilla.mindrot.org/show_bug.cgi?id=1094 describes a flaw in
scp: it expands shell characters and escapes twice, which could lead to
unwanted shell code execution. It affects cases where scp is used to
transfer untrusted directories, but this could happen in automated
systems, cron jobs, etc.

The reporter provided a patch, but it has not yet been acknowledged by
upstream.

Please mention the CVE number in the changelog when you fix this.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
