Bug#796314: openssh: copying special crafted filenames executes shell-command

To: bgrpt3@toplitzer.net, 796314@bugs.debian.org
Subject: Bug#796314: openssh: copying special crafted filenames executes shell-command
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 21 Aug 2015 11:43:19 +0200
Message-id: <[🔎] 20150821094319.GA12174@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 796314@bugs.debian.org
In-reply-to: <[🔎] 60014166.ktIaZbx8BF@tuxedo>
References: <[🔎] 60014166.ktIaZbx8BF@tuxedo>

Hi,

On Fri, Aug 21, 2015 at 11:35:08AM +0200, bgrpt3@toplitzer.net wrote:
> Source: openssh
> Severity: important
> Tags: upstream security
> 
> 
> According to [1] special crafted filenames containing control characters
> can cause scp to execute commands in the current shell. This works also on
> copying files from remote (potential untrusted) servers
> to local client.
> 
> this works:
> remote:
> $ touch "ab`tput clear`cd"
> 
> local:
> $ scp user@host:"/dir/ab*" .
> 
> which clears the screen in jessie.

This looks like #793412, merging both bugs.

Regards,
Salvatore

Reply to:

References:
- Bug#796314: openssh: copying special crafted filenames executes shell-command
  - From: bgrpt3@toplitzer.net

Prev by Date: Bug#796314: openssh: copying special crafted filenames executes shell-command
Next by Date: Processed (with 1 errors): forcibly merging 793412 796314
Previous by thread: Bug#796314: openssh: copying special crafted filenames executes shell-command
Next by thread: Bug#796314: openssh: copying special crafted filenames executes shell-command
Index(es):
- Date
- Thread