openssh: directory traversal

Package(s):

openssh

CVE #(s):

CAN-2004-0175

Created:

May 18, 2005

Updated:

July 13, 2005

Description:

The OpenSSH scp client can, when connected to a hostile server, be instructed to overwrite arbitrary files.

Alerts:

Fedora-Legacy	FLSA:123014	openssh	2005-07-11
Mandriva	MDKSA-2005:100	rsh	2005-06-14
Red Hat	RHSA-2005:495-01	rsh	2005-06-13
Red Hat	RHSA-2005:165-01	rsh	2005-06-08
Red Hat	RHSA-2005:481-01	openssh	2005-06-02
Red Hat	RHSA-2005:106-01	openssh	2005-05-18
Red Hat	RHSA-2005:074-01	rsh	2005-05-18

Not a "new" vulnerability

Posted May 26, 2005 6:47 UTC (Thu) by djm (subscriber, #11651) [Link]

I think LWN have filed this in the wrong section, this is not a "New" vulnerability. We fixed this in OpenSSH over a year ago (in 3.9 IIRC). Most other vendors picked up the fix then.