Vulnerability Description
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenSSH | 3.0 |
References
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
- http://docs.info.apple.com/article.html?artnum=305214
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://secunia.com/advisories/18579
- http://secunia.com/advisories/18595 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18650
- http://secunia.com/advisories/18736
- http://secunia.com/advisories/18798
- http://secunia.com/advisories/18850
- http://secunia.com/advisories/18910
- http://secunia.com/advisories/18964
- http://secunia.com/advisories/18969
FAQ
What is CVE-2006-0225?
CVE-2006-0225 is a vulnerability with a CVSS score of 4.6 (MEDIUM). scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
How severe is CVE-2006-0225?
CVE-2006-0225 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0225?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD OpenSSH.