CVE-2006-0225

Severity

46%

Complexity

39%

Confidentiality

106%

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

OpenBSD OpenSSH

First reported 19 years ago

2006-01-25 11:03:00

Last updated 6 years ago

2018-10-19 15:43:00

Affected Software

OpenBSD OpenSSH 3.0

3.0

OpenBSD OpenSSH 3.0.1

3.0.1

OpenBSD OpenSSH 3.0.1 p1

3.0.1p1

OpenBSD OpenSSH 3.0.2

3.0.2

OpenBSD OpenSSH 3.0.2p1

3.0.2p1

OpenBSD OpenSSH 3.0 p1

3.0p1

OpenBSD OpenSSH 3.1

3.1

OpenBSD OpenSSH 3.1 p1

3.1p1

OpenBSD OpenSSH 3.2

3.2

OpenBSD OpenSSH 3.2.2 p1

3.2.2p1

OpenBSD OpenSSH 3.2.3 p1

3.2.3p1

OpenBSD OpenSSH 3.3

3.3

OpenBSD OpenSSH 3.3 p1

3.3p1

OpenBSD OpenSSH 3.4

3.4

OpenBSD OpenSSH 3.4 p1

3.4p1

OpenBSD OpenSSH 3.5

3.5

OpenBSD OpenSSH 3.5 p1

3.5p1

OpenBSD OpenSSH 3.6

3.6

OpenBSD OpenSSH 3.6.1

3.6.1

OpenBSD OpenSSH 3.6.1 p1

3.6.1p1

OpenBSD OpenSSH 3.6.1 p2

3.6.1p2

OpenBSD OpenSSH 3.7

3.7

OpenBSD OpenSSH 3.7.1

3.7.1

OpenBSD OpenSSH 3.7.1 p2

3.7.1p2

OpenBSD OpenSSH 3.8

3.8

OpenBSD OpenSSH 3.8.1

3.8.1

OpenBSD OpenSSH 3.8.1 p1

3.8.1p1

OpenBSD OpenSSH 3.9

3.9

OpenBSD OpenSSH 3.9.1

3.9.1

OpenBSD OpenSSH 3.9.1 p1

3.9.1p1

OpenBSD OpenSSH Portable 4.0.p1

4.0p1

OpenBSD OpenSSH Portable 4.1.p1

4.1p1

OpenBSD OpenSSH Portable 4.2.p1

4.2p1

References

20060212 [3.8] 005: SECURITY FIX: February 12, 2006

20060703-01-P

http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability

http://docs.info.apple.com/article.html?artnum=305214

HPSBUX02178

APPLE-SA-2007-03-13

18579

18595

Patch, Vendor Advisory

18650

18736

18798

18850

18910

18964

18969

18970

19159

20723

21129

21262

21492

21724

22196

23241

23340

23680

24479

25607

25936

462

1015540

SSA:2006-045-06

102961

http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm

http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm

GLSA-200602-11

MDKSA-2006:034

SUSE-SA:2006:008

OpenPKG-SA-2006.003

22692

FEDORA-2006-056

RHSA-2006:0044

RHSA-2006:0298

RHSA-2006:0698

FLSA-2006:168935

16369

2006-0004

USN-255-1

TA07-072A

US Government Resource

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

ADV-2006-0306

ADV-2006-2490

ADV-2006-4869

ADV-2007-0930

ADV-2007-2120

http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026

openssh-scp-command-execution(24305)

oval:org.mitre.oval:def:1138

oval:org.mitre.oval:def:9962

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.