Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2006-0225

Published: 25/01/2006 Updated: 19/10/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Openbsd

Vulnerability Summary

scp in OpenSSH 4.2p1 allows malicious users to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh 3.0p1

openbsd openssh 3.1

openbsd openssh 3.4

openbsd openssh 3.4p1

openbsd openssh 3.7

openbsd openssh 3.7.1

openbsd openssh 3.7.1p2

openbsd openssh 4.0p1

openbsd openssh 4.1p1

openbsd openssh 3.0.2

openbsd openssh 3.0.2p1

openbsd openssh 3.3

openbsd openssh 3.3p1

openbsd openssh 3.6.1p1

openbsd openssh 3.6.1p2

openbsd openssh 3.9.1

openbsd openssh 3.9.1p1

openbsd openssh 3.0

openbsd openssh 3.1p1

openbsd openssh 3.2

openbsd openssh 3.5

openbsd openssh 3.5p1

openbsd openssh 3.8

openbsd openssh 3.8.1

openbsd openssh 4.2p1

openbsd openssh 3.0.1

openbsd openssh 3.0.1p1

openbsd openssh 3.2.2p1

openbsd openssh 3.2.3p1

openbsd openssh 3.6

openbsd openssh 3.6.1

openbsd openssh 3.8.1p1

openbsd openssh 3.9

Vendor Advisories

Debian CVElist Bug Report Logs: ssh: local code execution in scp [CVE-2006-0225]
Debian Bug report logs - #349645 ssh: local code execution in scp [CVE-2006-0225] Package: openssh; Maintainer for openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Martin Pitt <mpitt@debianorg> Date: Tue, 24 Jan 2006 10:33:07 UTC Severity: important Tags: patch, security Merged with ...
Ubuntu Security Notice: openssh vulnerability
Tomas Mraz discovered a shell code injection flaw in scp When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters By tricking an user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like ‘*‘), an attacker could exploit this to execute arbitrary shel ...

References

NVD-CWE-Otherhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026http://www.securityfocus.com/bid/16369http://secunia.com/advisories/18579http://secunia.com/advisories/18595http://www.trustix.org/errata/2006/0004http://securitytracker.com/id?1015540http://secunia.com/advisories/18650http://secunia.com/advisories/18736ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patchhttp://www.novell.com/linux/security/advisories/2006_08_openssh.htmlhttp://secunia.com/advisories/18798http://secunia.com/advisories/18850http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.htmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802http://secunia.com/advisories/18910http://www.gentoo.org/security/en/glsa/glsa-200602-11.xmlhttp://www.ubuntu.com/usn/usn-255-1http://www.osvdb.org/22692http://secunia.com/advisories/18964http://secunia.com/advisories/18969http://secunia.com/advisories/18970http://www.redhat.com/support/errata/RHSA-2006-0044.htmlhttp://secunia.com/advisories/19159http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751http://secunia.com/advisories/20723http://www.redhat.com/support/errata/RHSA-2006-0298.htmlhttp://secunia.com/advisories/21129ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.aschttp://secunia.com/advisories/21262http://support.avaya.com/elmodocs2/security/ASA-2006-158.htmhttp://secunia.com/advisories/21492http://support.avaya.com/elmodocs2/security/ASA-2006-174.htmhttp://secunia.com/advisories/21724http://www.redhat.com/support/errata/RHSA-2006-0698.htmlhttp://secunia.com/advisories/22196http://secunia.com/advisories/23241http://support.avaya.com/elmodocs2/security/ASA-2006-262.htmhttp://secunia.com/advisories/23340http://www.vmware.com/support/vi3/doc/esx-3069097-patch.htmlhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.htmlhttp://secunia.com/advisories/23680http://docs.info.apple.com/article.html?artnum=305214http://secunia.com/advisories/24479http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerabilityhttp://support.avaya.com/elmodocs2/security/ASA-2007-246.htmhttp://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:034http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlhttp://secunia.com/advisories/25607http://secunia.com/advisories/25936http://securityreason.com/securityalert/462http://www.vupen.com/english/advisories/2007/0930http://www.vupen.com/english/advisories/2006/0306http://www.vupen.com/english/advisories/2007/2120http://www.vupen.com/english/advisories/2006/4869http://www.vupen.com/english/advisories/2006/2490http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24305https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138http://www.securityfocus.com/archive/1/425397/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349645https://usn.ubuntu.com/255-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook