RCP, OpenSSH SCP Client File Corruption Vulnerability
BID:9986
Info
RCP, OpenSSH SCP Client File Corruption Vulnerability
| Bugtraq ID: | 9986 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0175 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2004 12:00AM |
| Updated: | Sep 15 2008 07:40PM |
| Credit: | This issue was announced in a Conectiva advisory. The discoverer of this issue is currently unknown. |
| Vulnerable: |
Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Enterprise Linux 2.0 SGI ProPack 3.0 SP6 SGI ProPack 3.0 SGI IRIX 6.5.24 m SGI IRIX 6.5.23 m SGI IRIX 6.5.22 m SGI IRIX 6.5.21 m SGI IRIX 6.5.21 f SGI IRIX 6.5.20 m SGI IRIX 6.5.20 f SGI Advanced Linux Environment 3.0 SCO Open Server 5.0.7 SCO Open Server 5.0.6 a SCO Open Server 5.0.6 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 OpenSSH OpenSSH 3.4 p1 OpenSSH OpenSSH 3.4 OpenSSH OpenSSH 3.3 p1 OpenSSH OpenSSH 3.3 OpenSSH OpenSSH 3.2.3 p1 OpenSSH OpenSSH 3.2.2 p1 OpenSSH OpenSSH 3.2 OpenSSH OpenSSH 3.1 p1 OpenSSH OpenSSH 3.1 OpenSSH OpenSSH 3.0.2 p1 OpenSSH OpenSSH 3.0.2 OpenSSH OpenSSH 3.0.1 p1 OpenSSH OpenSSH 3.0.1 OpenSSH OpenSSH 3.0 p1 OpenSSH OpenSSH 3.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 Mandriva Linux Mandrake 10.0 AMD64 Mandriva Linux Mandrake 10.0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN Avaya Converged Communications Server 2.0 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.2.8 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.2.8 |
| Not Vulnerable: | |
Discussion
RCP, OpenSSH SCP Client File Corruption Vulnerability
A vulnerability has been reported in the 'rcp' and OpenSSH 'scp' utilities. This issue may permit a malicious scp server to corrupt files on a client system when files are copied.
This issue is similar to BID 1742.
A vulnerability has been reported in the 'rcp' and OpenSSH 'scp' utilities. This issue may permit a malicious scp server to corrupt files on a client system when files are copied.
This issue is similar to BID 1742.
Exploit / POC
RCP, OpenSSH SCP Client File Corruption Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
RCP, OpenSSH SCP Client File Corruption Vulnerability
Solution:
Vendor upgrades are available. Please see the referenced vendor advisories for details on obtaining and applying the appropriate updates.
Apple Mac OS X 10.2.8
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.3.4
Apple Mac OS X 10.3.4
Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.5
OpenSSH OpenSSH 3.1 p1
OpenSSH OpenSSH 3.4 p1
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
SCO Open Server 5.0.7
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20 m
SGI IRIX 6.5.22 m
Solution:
Vendor upgrades are available. Please see the referenced vendor advisories for details on obtaining and applying the appropriate updates.
Apple Mac OS X 10.2.8
-
Apple SecUpd2004-09-07JagClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04717&plat form=osx&method=sa/SecUpd2004-09-07JagClient.dmg
Apple Mac OS X Server 10.2.8
-
Apple SecUpdSrvr2004-09-07Jag.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04716&plat form=osx&method=sa/SecUpdSrvr2004-09-07Jag.dmg
Apple Mac OS X Server 10.3.4
-
Apple SecUpdSrvr2004-09-07PanL.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04713&plat form=osx&method=sa/SecUpdSrvr2004-09-07PanL.dmg
Apple Mac OS X 10.3.4
-
Apple SecUpd2004-09-07PanClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04712&plat form=osx&method=sa/SecUpd2004-09-07PanClient.dmg
Apple Mac OS X Server 10.3.5
-
Apple SecUpdSrvr2004-09-07PanM.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04714&plat form=osx&method=sa/SecUpdSrvr2004-09-07PanM.dmg
Apple Mac OS X 10.3.5
-
Apple SecUpd2004-09-07PanMClient.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04715&plat form=osx&method=sa/SecUpd2004-09-07PanMClient.dmg
OpenSSH OpenSSH 3.1 p1
-
Juniper Networks openssh-client-3.1p1-14.idp2.i386.rpm
-
Juniper Networks openssh-server-3.1p1-14.idp2.i386.rpm
OpenSSH OpenSSH 3.4 p1
-
Conectiva openssh-3.4p1-263.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/openssh-3.4p1-263.i586 .rpm
SCO Open Server 5.0.6 a
-
SCO openssh42p1_vol.tar
ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vo l.tar
SCO Open Server 5.0.6
-
SCO openssh42p1_vol.tar
ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vo l.tar
SCO Open Server 5.0.7
-
SCO osr507mp4_vol.tar for SCOSA-2006.11
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20 m
SGI IRIX 6.5.22 m
References
RCP, OpenSSH SCP Client File Corruption Vulnerability
References:
References:
- ASA-2005-167 - rsh security update - (RHSA-2005-495 & RHSA-2005-074) (Avaya)
- CLSA-2004:831 openssh (Conectiva)
- NetScreen Advisory 59739 (Juniper Networks)
- RHSA-2005:074-10 - rsh security update (RedHat)
- RHSA-2005:165-03 - rsh security update (RedHat)
- RHSA-2005:481-03 : openssh security update (RedHat)
- RHSA-2005:562-15 - krb5 security update (RedHat)
- RHSA-2005:567-08 - krb5 security update (RedHat)