Bug#349645: ssh: local code execution in scp [CVE-2006-0225]

2006-01-27 Thread Colin Watson
On Tue, Jan 24, 2006 at 11:09:17AM +, Colin Watson wrote:
> It's not clear to me whether upstream will change this,

Looks like upstream are going to fix it after all. I'll monitor the
upstream bug and incorporate whatever patch finally gets committed.

-- 
Colin Watson   [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#349645: ssh: local code execution in scp [CVE-2006-0225]

2006-01-25 Thread Florian Weimer
By the way, if you intend to fix this bug for stable, it might be a
good idea to include a fix for #270770 as well (which, at this stage,
boils down to clearing the SUID/SGID flags).





Bug#349645: ssh: local code execution in scp [CVE-2006-0225]

2006-01-24 Thread Martin Pitt
Package: ssh
Severity: important
Tags: security patch

Hi!

http://bugzilla.mindrot.org/show_bug.cgi?id=1094 describes a flaw in
scp: it expands shell characters and escapes twice which could lead to
unwanted shell code execution. It affects cases where scp is used to
transfer untrusted directories, but this could happen in automated
systems, cron jobs, etc.

The reporter provided a patch, but it has not yet been acknowledged by
upstream.

Please mention the CVE number in the changelog when you fix this.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?




Bug#349645: ssh: local code execution in scp [CVE-2006-0225]

2006-01-24 Thread Colin Watson
On Tue, Jan 24, 2006 at 11:22:23AM +0100, Martin Pitt wrote:
> Package: ssh
> Severity: important
> Tags: security patch
>
> Hi!
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=1094 describes a flaw in
> scp: it expands shell characters and escapes twice which could lead to
> unwanted shell code execution. It affects cases where scp is used to
> transfer untrusted directories, but this could happen in automated
> systems, cron jobs, etc.
>
> The reporter provided a patch, but it has not yet been acknowledged by
> upstream.

It's not clear to me whether upstream will change this, because it's not
possible to fix many scp issues without breaking protocol compatibility:

  http://www.openssh.org/faq.html#2.10

The official line is to use sftp instead.

Therefore, unless and until upstream acknowledges the bug and decides
what to do about it, I don't intend to change this in Debian in case I
affect protocol compatibility with other systems. Users concerned about
the security impact of this bug should migrate away from scp to sftp,
rsync-over-ssh, or similar.

Cheers,

-- 
Colin Watson   [EMAIL PROTECTED]





Bug#349645: ssh: local code execution in scp [CVE-2006-0225]

2006-01-24 Thread Florian Weimer
* Colin Watson:

> It's not clear to me whether upstream will change this, because it's not
> possible to fix many scp issues without breaking protocol compatibility:

The bug affects local-to-local copies, which are not subject to
protocol constraints.  Remote-to-remote copies do not seem to use the
wire protocol, either, so it should be possible to fix them, too.
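
The bug class discussed in this thread, as an added example (not code from scp, its patch, or anyone in the thread): a local copy that pastes the file name into a command line for /bin/sh, beside one that hands it to cp as a single argv entry with no wire protocol involved. The function names and the constructed file name are illustrative assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Weak pattern: the name is pasted into a command line, so /bin/sh parses it
 * a second time, after the caller's own shell already expanded it once. */
static int copy_via_shell(const char *src, const char *dst)
{
    char cmd[1024];
    if (snprintf(cmd, sizeof cmd, "cp %s %s", src, dst) >= (int)sizeof cmd)
        return -1;
    return system(cmd);
}

/* Hardened form: no shell; each name reaches cp as exactly one argv entry. */
static int copy_via_exec(const char *src, const char *dst)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        execlp("cp", "cp", "--", src, dst, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (pid == -1 || waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed input: a file literally named "a;touch marker" in a scratch dir.
 * Returns 1 if "marker" exists after the copy, i.e. the name was run as code. */
static int marker_created(int (*copy)(const char *, const char *))
{
    char dir[] = "/tmp/scpdemoXXXXXX";
    const char *name = "a;touch marker";
    struct stat st; FILE *f; int hit;
    if (!mkdtemp(dir) || chdir(dir) != 0 || !(f = fopen(name, "w")))
        return -1;
    fclose(f);
    copy(name, "out");                   /* exit status is not the point here */
    hit = (stat("marker", &st) == 0);
    unlink(name); unlink("out"); unlink("marker");
    if (chdir("/") == 0) rmdir(dir);
    return hit;
}

int main(void)
{
    printf("shell: %d  exec: %d\n", marker_created(copy_via_shell), marker_created(copy_via_exec));
    return 0;
}
```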

