ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA18579] OpenSSH scp Command Line Shell Command Injection



> 
> 
> TITLE:
> OpenSSH scp Command Line Shell Command Injection
> 
> SECUNIA ADVISORY ID:
> SA18579
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/18579/
> 
> CRITICAL:
> Not critical
> 
> IMPACT:
> Privilege escalation
> 
> WHERE:
> Local system
> 
> SOFTWARE:
> OpenSSH 4.x
> http://secunia.com/product/5653/
> OpenSSH 3.x
> http://secunia.com/product/101/
> 
> DESCRIPTION:
> Josh Bressers has reported a weakness in OpenSSH, which potentially
> can be exploited by malicious, local users to perform certain actions
> with escalated privileges.
> 
> The weakness is caused due to the insecure use of the "system()"
> function in scp when performing copy operations using filenames that
> are supplied by the user from the command line. This can be exploited
> to execute shell commands with privileges of the user running scp.
> 
> Successful exploitation requires that the user is e.g. tricked into
> using scp to copy a file with a specially crafted filename.
> 
> The weakness has been confirmed in version 4.2p1. Other versions may
> also be affected.
> 
> SOLUTION:
> Do not use scp to copy files containing potentially malicious
> filenames.
> 
> Some Linux vendors have issued updated packages.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Josh Bressers
> 
> ORIGINAL ADVISORY:
> Red Hat Bugzilla:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
> 



 




Copyright © Lexa Software, 1996-2009.