Download
| Alert*
|
oval:org.secpod.oval:def:69256
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. oval:org.secpod.oval:def:69254 A flaw was found in the scp program shipped with the openssh-clients package. An attacker having the ability to scp files to a remote server, could execute arbitrary commands on the remote server by including the command as a part of the filename being copied on the server. This command is run with ... oval:org.secpod.oval:def:69258 The host is installed with OpenSSH through 8.3p1 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp.c toremote function. Successful exploitation could allow remote attackers to pass a backtick enabled payload as ... oval:org.secpod.oval:def:509394 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: openssh: scp allows command injection when using backtick characters in the destination argument ... |
