Package: openssh Version: 1:4.2p1-5 As per CVE-2006-0225, scp does not properly escape metacharacters when doing local-local copying. Most noticeable when you leave off the ':' of a hostname
$ touch "\`rm -rf myfile\`" $ touch myfile $ ls -l total 0 -rw-r----- 1 nsheridan eng 0 2006-02-09 17:41 myfile -rw-r----- 1 nsheridan eng 0 2006-02-09 17:40 `rm -rf myfile` $ scp -vvv * somehost Executing: exec cp myfile somehost Executing: exec cp `rm -rf myfile` somehost cp: missing destination file Try `cp --help' for more information. $ ls -l total 0 -rw-r----- 1 nsheridan eng 0 2006-02-09 17:40 `rm -rf myfile` -rw-r----- 1 nsheridan eng 0 2006-02-09 17:44 somehost I swiped the patch from http://bugzilla.mindrot.org/show_bug.cgi?id=1094 and merged it. Attached.
scp-expansion.patch
Description: Binary data
