|Bugzilla:||168167: CVE-2006-0225 local to local copy uses shell expansion twice|
The MITRE CVE dictionary describes this issue as:
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
This issue was addressed in Red Hat Enterprise Linux 2.1, 3 and 4:
Issue was fixed upstream in version 4.3. The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw.
Red Hat security errata
|Red Hat Enterprise Linux version 2.1 (openssh)||RHSA-2006:0698||September 29, 2006|
|Red Hat Enterprise Linux version 3 (openssh)||RHSA-2006:0298||July 20, 2006|
|Red Hat Enterprise Linux version 4 (openssh)||RHSA-2006:0044||March 07, 2006|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.