Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» OpenPKG » OpenSSH arbitrary shell command execution

OpenSSH arbitrary shell command execution

Ulrich Drepper discovered a weakness in OpenSSH version 4.2p1 and earlier, caused due to the insecure use of the system function in scp when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp.

  • Vendor: OpenPKG
  • Vendor ID: SA-2006.003
  • Date: February 18, 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[email protected] [email protected]
OpenPKG-SA-2006.003 18-Feb-2006
________________________________________________________________________

Package: openssh
Vulnerability: arbitrary shell command excecution
OpenPKG Specific: no

Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT <= openssh-4.2p1-20060101 >= openssh-4.3p1-20060201
OpenPKG 2.5 <= openssh-4.2p1-2.5.1 >= openssh-4.2p1-2.5.2
OpenPKG 2.4 <= openssh-4.1p1-2.4.1 >= openssh-4.1p1-2.4.2
OpenPKG 2.3 <= openssh-3.9p1-2.3.0 >= openssh-3.9p1-2.3.1

Description:
Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1
and earlier, caused due to the insecure use of the system(3) function
in scp(1) when performing copy operations using filenames that are
supplied by the user from the command line. This can be exploited to
execute shell commands with privileges of the user running scp(1). The
Common Vulnerabilities and Exposures (CVE) project assigned the id
CVE-2006-0225 [2] to the problem.
________________________________________________________________________

References:
[0] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168167
[1] http://www.openssh.com/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG

iD8DBQFD9xQTgHWT4GPEy58RAmGhAJwPqGodxa5SWCErCK85VrzAhYMPUACfXeXy
h8vuY68O3h7SD1LpSCP/oHE=
=POPO
-----END PGP SIGNATURE-----

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »