Rapid7 Vulnerability & Exploit Database

SUSE-SA:2006:008: openssh

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2006:008: openssh

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

02/14/2006

Created

07/25/2018

Added

02/17/2006

Modified

11/18/2015

Description

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Solution(s)

References

https://attackerkb.com/topics/cve-2006-0225
APPLE-SA-2007-03-13
16369
TA07-072A
CVE - 2006-0225
22692
OVAL1138
OVAL9962
RHSA-2006:0044
RHSA-2006:0298
RHSA-2006:0698
20060703-01-P
SUSE-SA:2006:008
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
http://docs.info.apple.com/article.html?artnum=305214
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:034
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1138
http://securityreason.com/securityalert/462
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
http://www.frsirt.com/english/advisories/2006/0306
http://www.frsirt.com/english/advisories/2006/2490
http://www.frsirt.com/english/advisories/2006/4869
http://www.frsirt.com/english/advisories/2007/0930
http://www.frsirt.com/english/advisories/2007/2120
http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
http://www.novell.com/linux/security/advisories/2006_08_openssh.html
http://www.securityfocus.com/archive/1/archive/1/425397/100/0/threaded
http://www.trustix.org/errata/2006/0004
http://www.ubuntu.com/usn/usn-255-1
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
24305

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;