An ancient OpenSSH vulnerability
Source: LWN
An advisory from Harry Sintonen describes several vulnerabilities in the
scp clients shipped with OpenSSH, PuTTY, and others. "Many
scp clients fail to verify if the objects returned by the scp server match
those it asked for. This issue dates back to 1983 and rcp, on which scp is
based. A separate flaw in the client allows the target directory attributes
to be changed arbitrarily. Finally, two vulnerabilities in clients may
allow server to spoof the client output." The outcome is that a
hostile (or compromised) server can overwrite arbitrary files on the client
side. There do not yet appear to be patches available to address these
problems.
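The missing check described above, sketched as an added example (not code from the advisory, LWN, or OpenSSH): a client-side filter that accepts an scp control record only if its name could have come from what the user requested. The function name `scp_name_allowed`, the 256-byte name limit, the use of `FNM_PERIOD`, and the sample records are assumptions of this example.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OpenSSH code). ctl is one scp control record
 * from the server: "C<mode> <size> <name>\n" for a file, "D<mode> 0 <name>\n"
 * for a directory. requested is the last path component the user asked for,
 * possibly a glob. Returns 1 only if the record names an object that request
 * could have produced. */
int scp_name_allowed(const char *ctl, const char *requested)
{
    unsigned mode;
    long long size;
    int off = 0;
    char name[256];

    if (ctl[0] != 'C' && ctl[0] != 'D')
        return 0;                          /* other records carry no name */
    if (sscanf(ctl + 1, "%o %lld%n", &mode, &size, &off) != 2 ||
        mode > 07777 || size < 0 || ctl[1 + off] != ' ')
        return 0;                          /* malformed header */

    const char *p = ctl + 1 + off + 1;     /* name follows a single space */
    size_t len = strcspn(p, "\n");
    if (len == 0 || len >= sizeof name)
        return 0;                          /* empty or oversized name */
    memcpy(name, p, len);
    name[len] = '\0';

    if (strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."))
        return 0;                          /* must stay inside the target dir */
    for (size_t i = 0; i < len; i++)
        if ((unsigned char)name[i] < 0x20 || name[i] == 0x7f)
            return 0;                      /* control bytes could garble output */

    /* FNM_PERIOD: a leading '.' must be requested explicitly (stricter choice). */
    return fnmatch(requested, name, FNM_PERIOD) == 0;
}

int main(void)
{
    /* Constructed records, as a server might send for `scp host:*.txt .` */
    const char *recs[] = { "C0644 12 notes.txt\n", "C0644 40 .bash_aliases\n",
                           "D0777 0 .\n", "C0644 5 ../x\n" };
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        printf("%-6s %s", scp_name_allowed(recs[i], "*.txt") ? "accept" : "reject",
               recs[i]);
    return 0;
}
```

Only the first sample record is accepted; rejecting the `D0777 0 .` record is what keeps a server from altering the target directory's own attributes.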