Download
| Alert*
|
oval:org.secpod.oval:def:69256
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. oval:org.secpod.oval:def:69254 A flaw was found in the scp program shipped with the openssh-clients package. An attacker having the ability to scp files to a remote server, could execute arbitrary commands on the remote server by including the command as a part of the filename being copied on the server. This command is run with ... oval:org.secpod.oval:def:69258 The host is installed with OpenSSH through 8.3p1 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp.c toremote function. Successful exploitation could allow remote attackers to pass a backtick enabled payload as ... |
