Source: openssh Severity: important Tags: upstream security
According to [1] special crafted filenames containing control characters can cause scp to execute commands in the current shell. This works also on copying files from remote (potential untrusted) servers to local client. this works: remote: $ touch "ab`tput clear`cd" local: $ scp user@host:"/dir/ab*" . which clears the screen in jessie. Fedora has fixed [2] this bug already. [1]https://bugzilla.mindrot.org/show_bug.cgi?id=2434 [2]https://bugzilla.redhat.com/show_bug.cgi?id=1247204 -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-586 Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
