CERTVU:912588WinSCP URI handlers fails to properly parse command line switches
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:C/I:C/A:N
0.088 Low
EPSS
Percentile
94.6%
Overview
A vulnerability has been found in WinSCP, which can be exploited by an attacker to overwrite or add files to the victim’s computer.
Description
WinSCP is an open source SFTP client for Microsoft windows. It supports a file-manager user interface, and uses the SSH protocol to transfer files between hosts. If an attacker convinces a user to follow a specially crafted URL, a file may be directly transferred to the user’s computer. The attacker may also be able to append information to files.
Depending on what the user interface settings of WinSCP are, user-interaction may or may not be required to complete the file transfer. This vulnerability is a result of certain command line switches being passed to WinSCP in the malicious URL.
Impact
If a victim user clicks on the specially-crafted URL, an attacker could send any chosen file to the victim’s computer with access to folders that the user running WinSCP has write access to. The attacker could also append information to a file that may damage the file or make it unusable.
Solution
Upgrade
Version 3.8.2 of WinSCP has been published and contains a fix for this vulnerability. Users are encouraged to upgrade to this version of the software.
Restrict Access
Limit SSH client access to trusted servers. SSH servers usually listens on 22/tcp, but can be configured to listen on any TCP port.
Require User Interaction for File Transfers
WinSCP can be configured to notify the user of all file transfers and not automatically handle scp:// and sftp:// addresses. Users are encouraged to enable these options.
Vendor Information
912588
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
WinSCP __ Affected
Notified: June 15, 2006 Updated: June 22, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Version 3.8.2 of WinSCP has been published and contains a fix for this vulnerability. Users are encouraged to upgrade to this version of the software.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23912588 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://secunia.com/advisories/20575/>
- <http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html>
Acknowledgements
This vulnerability was reported by Jelmer Kuperus.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2006-3015 |
|---|---|
| Severity Metric: | 0.79 Date Public: |
Related
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:C/I:C/A:N
0.088 Low
EPSS
Percentile
94.6%