https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/
By Catalin Cimpanu
ZDNet News
January 14, 2019
All SCP (Secure Copy Protocol) implementations from the last 36 years, since
1983, are vulnerable to four security bugs that allow a malicious SCP server to
make unauthorized changes to a client's (user's) system and hide malicious
operations in the terminal.
The vulnerabilities have been discovered by Harry Sintonen, a security
researcher with Finnish cyber-security firm F-Secure, who's been working since
August last year to have them fixed and patched in the major apps that support
the SCP protocol.
For our readers that are not familiar with SCP, the protocol is a "secure"
implementation of the RCP (Remote Copy Protocol) -- a protocol for transferring
files across a network.
SCP works on top of the SSH protocol and supports an authentication mechanism
to provide authenticity and confidentiality for transferred files, just like
SSH provides the same thing for the older and insecure Telnet protocol.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
