PuTTY - old-style scp downloads may allow remote code execution

ID 7F0FBB30-E462-11E5-A3F3-080027EF73EC
Type freebsd
Reporter FreeBSD
Modified 2016-02-26T00:00:00


Simon G. Tatham reports:

Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol.

In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file.[...] you can work around it in a vulnerable PSCP by using the -sftp option to force the use of the newer SFTP protocol, provided your server supports that protocol.