SecurityLex.Org
SecureScout Testcase: 12152
Name: OpenSSH scp Command Line Shell Command Injection Vulnerability
CVE References: CVE-2006-0225 (cve.mitre.org, nvd.nist.gov)
SANS/FBI TOP20 Reference:
Risk: Medium
CVSS Base Score: 4.6 (ver. 2.0)
TC Impact: Gather Info
Service: ssh
Vuln Impact: Attack
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Impact Bias:
Host Impact: Privilege escalation. Arbitrary command execution.
Summary: Josh Bressers has reported a weakness in OpenSSH, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
Fix Type: Update the software.
Copyright: Josh Bressers
Published Date: January 24, 2006
Description: Josh Bressers has reported a weakness in OpenSSH, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

The weakness is caused by the insecure use of the "system()" function in scp when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with the privileges of the user running scp.

Successful exploitation requires that the user is, for example, tricked into using scp to copy a file with a specially crafted filename.

The weakness has been confirmed in version 4.2p1. Other versions may also be affected.
Remediation: Solution type: Upgrade Software

Upgrade to at least OpenSSH version 4.3.
See references for more details.
References:

* CONFIRM:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
* CONFIRM:
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
* CONFIRM:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
* CONFIRM:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
* CONFIRM:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
* CONFIRM:
http://docs.info.apple.com/article.html?artnum=305214
* CONFIRM:
http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
* APPLE: APPLE-SA-2007-03-13
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
* FEDORA: FLSA-2006:168935
http://www.securityfocus.com/archive/1/archive/1/425397/100/0/threaded
* GENTOO: GLSA-200602-11
http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml
* HP: HPSBUX02178
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
* MANDRIVA: MDKSA-2006:034
http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
* OPENBSD: 20060212 [3.8] 005: SECURITY FIX: February 12, 2006
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
* OPENPKG: OpenPKG-SA-2006.003
http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html
* REDHAT: RHSA-2006:0044
http://www.redhat.com/support/errata/RHSA-2006-0044.html
* REDHAT: RHSA-2006:0298
http://www.redhat.com/support/errata/RHSA-2006-0298.html
* REDHAT: RHSA-2006:0698
http://www.redhat.com/support/errata/RHSA-2006-0698.html
* SGI: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
* SLACKWARE: SSA:2006-045-06
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
* SUNALERT: 102961
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
* SUSE: SUSE-SA:2006:008
http://www.novell.com/linux/security/advisories/2006_08_openssh.html
* TRUSTIX: 2006-0004
http://www.trustix.org/errata/2006/0004
* UBUNTU: USN-255-1
http://www.ubuntu.com/usn/usn-255-1
* CERT: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
* BID: 16369
http://www.securityfocus.com/bid/16369
* FRSIRT: ADV-2006-0306
http://www.frsirt.com/english/advisories/2006/0306
* FRSIRT: ADV-2006-2490
http://www.frsirt.com/english/advisories/2006/2490
* FRSIRT: ADV-2006-4869
http://www.frsirt.com/english/advisories/2006/4869
* FRSIRT: ADV-2007-0930
http://www.frsirt.com/english/advisories/2007/0930
* FRSIRT: ADV-2007-2120
http://www.frsirt.com/english/advisories/2007/2120
* OSVDB: 22692
http://www.osvdb.org/22692
* OVAL: oval:org.mitre.oval:def:1138
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1138
* SECTRACK: 1015540
http://securitytracker.com/id?1015540
* SECUNIA: 18579
http://secunia.com/advisories/18579
* SECUNIA: 18595
http://secunia.com/advisories/18595
* SECUNIA: 18650
http://secunia.com/advisories/18650
* SECUNIA: 18736
http://secunia.com/advisories/18736
* SECUNIA: 18798
http://secunia.com/advisories/18798
* SECUNIA: 18850
http://secunia.com/advisories/18850
* SECUNIA: 18910
http://secunia.com/advisories/18910
* SECUNIA: 18964
http://secunia.com/advisories/18964
* SECUNIA: 18969
http://secunia.com/advisories/18969
* SECUNIA: 18970
http://secunia.com/advisories/18970
* SECUNIA: 19159
http://secunia.com/advisories/19159
* SECUNIA: 20723
http://secunia.com/advisories/20723
* SECUNIA: 21129
http://secunia.com/advisories/21129
* SECUNIA: 21262
http://secunia.com/advisories/21262
* SECUNIA: 21492
http://secunia.com/advisories/21492
* SECUNIA: 21724
http://secunia.com/advisories/21724
* SECUNIA: 22196
http://secunia.com/advisories/22196
* SECUNIA: 23241
http://secunia.com/advisories/23241
* SECUNIA: 23340
http://secunia.com/advisories/23340
* SECUNIA: 23680
http://secunia.com/advisories/23680
* SECUNIA: 24479
http://secunia.com/advisories/24479
* SECUNIA: 25607
http://secunia.com/advisories/25607
* SECUNIA: 25936
http://secunia.com/advisories/25936
* SREASON: 462
http://securityreason.com/securityalert/462
* XF: openssh-scp-command-execution(24305)
http://xforce.iss.net/xforce/xfdb/24305

Created: 2009-08-07 01:00:00
Last Changed: 2009-08-07 01:00:00
 