scp < 2.1 Traversal File Create/Overwrite

medium Nessus Network Monitor Plugin ID 1970

Synopsis

The remote server may allow attackers to retrieve or modify sensitive files.

Description

The remote host is running SSH 1.2.3 or 1.2 (as a client). This version contains a directory traversal bug that allows a malicious scp server to overwrite arbitrary files. An attacker may use this flaw to compromise this host. To exploit it, the attacker would first have to compromise a host that users of this host connect to over SSH, and then set up a trojaned version of scp there, which would overwrite files on this host.
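One way a client can refuse the traversal described above, shown as an added example that is not code from this plugin or from any SSH implementation. It assumes the scp control-record layout `C<mode> <size> <name>` / `D<mode> <size> <name>`, which this page does not state; the function names are hypothetical and the sample records are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A name sent by the server is acceptable only if it stays inside the
 * directory the user chose: no path separator, not "." or "..". */
int scp_name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0' || strchr(name, '/') != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Parse one control record (trailing newline already stripped; the layout
 * is an assumption, see the lead-in). Returns the name if the record is
 * well formed and the name is safe, otherwise NULL. */
const char *scp_checked_name(const char *rec)
{
    const char *p = rec;
    int i;

    if (p == NULL || (*p != 'C' && *p != 'D'))
        return NULL;
    p++;
    for (i = 0; i < 4; i++, p++)          /* four octal mode digits */
        if (*p < '0' || *p > '7')
            return NULL;
    if (*p++ != ' ')
        return NULL;
    if (!isdigit((unsigned char)*p))      /* decimal size */
        return NULL;
    while (isdigit((unsigned char)*p))
        p++;
    if (*p++ != ' ')
        return NULL;
    return scp_name_is_safe(p) ? p : NULL;
}

int main(void)
{
    /* Constructed sample records, as a server might send them. */
    const char *recs[] = { "C0644 12 notes.txt", "C0644 12 ../outside.txt",
                           "D0755 0 ..", "C0644 12 /tmp/abs.txt" };
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        printf("%-26s -> %s\n", recs[i],
               scp_checked_name(recs[i]) ? "accept" : "reject");
    return 0;
}
```

The check runs on the receiving side because the names arrive from the server and cannot be trusted, even when the user requested a single, harmless-looking file.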

Solution

Upgrade to version 2.1 or higher.

Plugin Details

Severity: Medium

ID: 1970

Family: SSH

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11339

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Reference Information

CVE: CVE-2000-0992

BID: 1742