CVE-2006-0225
OpenSSH 4.2p1 - Remote Code Execution via SCP Filename Shell Metacharacter Expansion
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
References (64)
Various Sources (vendor-advisory, x_refsource_hp): http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
Various Sources (x_refsource_confirm): http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/16369
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/25936
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18798
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/23340
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2006-0298.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18970
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/21492
US Government Resource (third-party-advisory, x_refsource_cert): http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Vendor Advisory (vendor-advisory, x_refsource_trustix): http://www.trustix.org/errata/2006/0004
Vendor Advisory (x_refsource_confirm): http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/19159
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18650
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18736
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/22692
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2007/2120
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/23680
Mailing List (vendor-advisory, x_refsource_apple): http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18579
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18969
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/20723
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/24305
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/462
Vendor Advisory (x_refsource_confirm): http://docs.info.apple.com/article.html?artnum=305214
Vendor Advisory (x_refsource_confirm): http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2006/4869
Various Sources (vendor-advisory, x_refsource_openpkg): http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html
Third Party Advisory, VDB Entry (vendor-advisory, x_refsource_fedora): http://www.securityfocus.com/archive/1/425397/100/0/threaded
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2006-0044.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/21262
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/25607
Various Sources (x_refsource_confirm): http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
Vendor Advisory (vendor-advisory, x_refsource_suse): http://www.novell.com/linux/security/advisories/2006_08_openssh.html
Various Sources (x_refsource_confirm): http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2006/2490
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2006/0306
Vendor Advisory (vendor-advisory, x_refsource_slackware): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/21129
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id?1015540
Vendor Advisory (vendor-advisory, x_refsource_fedora): http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/21724
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/23241
Various Sources (vendor-advisory, x_refsource_openbsd): ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
Vendor Advisory (x_refsource_confirm): http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2007/0930
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
Vendor Advisory (vendor-advisory, x_refsource_sunalert): http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18850
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/22196
Vendor Advisory (x_refsource_confirm): http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2006-0698.html
Patch, Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18595
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18964
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/usn-255-1
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962
Vendor Advisory (vendor-advisory, x_refsource_sgi): ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18910
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/24479
Scores
EPSS: 0.0009
EPSS Percentile: 25.8%
Details
Status: published
Products (33)
openbsd/openssh 3.0
openbsd/openssh 3.0.1
openbsd/openssh 3.0.1p1
openbsd/openssh 3.0.2
openbsd/openssh 3.0.2p1
openbsd/openssh 3.0p1
openbsd/openssh 3.1
openbsd/openssh 3.1p1
openbsd/openssh 3.2
openbsd/openssh 3.2.2p1
... and 23 more
Published: Jan 25, 2006
Tracked Since: Feb 18, 2026