
GLSA-200602-11 : OpenSSH, Dropbear: Insecure use of system() call

Description

The remote host is affected by the vulnerability described in GLSA-200602-11 (OpenSSH, Dropbear: Insecure use of system() call).

To copy from a local filesystem to another local filesystem, scp constructs a command line using 'cp', which is then executed via system(). Josh Bressers discovered that special characters are not escaped by scp, but are simply passed to the shell.

Impact: By tricking other users or applications into using scp on maliciously crafted filenames, a local attacker can execute arbitrary commands with the rights of the user running scp.

Workaround: There is no known workaround at this time.
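
The pattern described above, as an added example (not OpenSSH or Dropbear source): build_cp_command shows how pasting file names into a shell command line leaves their special characters for the shell to interpret, while copy_local_noshell hands each name to cp as its own argv element. Both function names and the sample file names are constructed for illustration.

```c
/* Added illustration; not OpenSSH or Dropbear source. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Risky pattern described in the advisory: file names are pasted into a
 * shell command line. The string is only built here, never executed. */
int build_cp_command(char *out, size_t n, const char *src, const char *dst)
{
    int len = snprintf(out, n, "cp %s %s", src, dst);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Shell-free form: each name is one argv element, so the characters in it
 * are never interpreted. "--" stops cp from reading a name as an option. */
int copy_local_noshell(const char *src, const char *dst)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
        execvp(argv[0], argv);
        _exit(127);               /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample names with characters a shell treats specially. */
    const char *src = "notes;v2 final.txt";
    const char *dst = "copy of notes;v2.txt";
    char cmd[256];
    FILE *f = fopen(src, "w");
    if (!f) return 1;
    fputs("sample\n", f);
    fclose(f);
    if (build_cp_command(cmd, sizeof cmd, src, dst) == 0)
        printf("system() would hand the shell: %s\n", cmd);
    printf("argv-based copy exit status: %d\n", copy_local_noshell(src, dst));
    remove(src); remove(dst);
    return 0;
}
```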

