OpenSSH · OpenSSH · CVE-2019-6111
**Name of the Vulnerable Software and Affected Versions**
OpenSSH version 7.9
**Description**
The issue is in the scp client in OpenSSH, which allows a malicious server to bypass intended access restrictions. The server does this by manipulating the filename it sends, for example by using `.` or an empty filename, which lets it overwrite arbitrary files in the client's target directory. If a recursive operation (`-r`) is performed, the server can also manipulate subdirectories; for example, it can overwrite the `.ssh/authorized_keys` file.
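The client-side name check whose absence the description refers to can be sketched as follows. This is an added example, not OpenSSH's own code: `scp_name_ok`, its parameters and the sample records are constructed for illustration, and the record layout assumed is that of the rcp-derived scp protocol (`C<mode> <size> <name>` for a file, `D<mode> 0 <name>` for a directory).

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Accept (1) or reject (0) the object name in one server-sent scp control
 * record: "C<mode> <size> <name>" (file) or "D<mode> 0 <name>" (directory).
 * `requested` is the remote path the user typed (no trailing slash); `depth`
 * is 0 for top-level records and >0 inside a directory received with -r.
 * The trailing newline is assumed to be stripped already. */
int scp_name_ok(const char *record, const char *requested, int depth)
{
    const char *name, *base;

    if (record[0] != 'C' && record[0] != 'D')
        return 0;
    if ((name = strchr(record, ' ')) == NULL ||      /* end of mode field */
        (name = strchr(name + 1, ' ')) == NULL)      /* end of size field */
        return 0;
    name++;
    /* Structural checks: none of these names denotes a new object inside
     * the target directory. */
    if (*name == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0 ||
        strchr(name, '/') != NULL)
        return 0;
    /* Inside a recursive copy the client cannot know the expected names,
     * so only the structural checks apply there. */
    if (depth > 0)
        return 1;
    /* Top level: the name must match the last component of the request. */
    base = strrchr(requested, '/');
    base = base ? base + 1 : requested;
    return fnmatch(base, name, FNM_NOESCAPE) == 0;
}

int main(void)
{
    /* Constructed records for a request of "docs/report.txt". */
    const char *records[] = { "C0644 120 report.txt", "C0600 381 authorized_keys",
                              "D0755 0 .", "C0644 5 " };
    for (size_t i = 0; i < sizeof records / sizeof records[0]; i++)
        printf("%-28s -> %s\n", records[i],
               scp_name_ok(records[i], "docs/report.txt", 0) ? "accept" : "reject");
    return 0;
}
```

The `depth > 0` branch shows why a recursive copy remains the harder case: below the top level the client has no requested name to compare against.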
**Recommendations**
For OpenSSH version 7.9, consider disabling the scp client until a patch is available, or restrict access to the vulnerable `scp.c` file to minimize the risk of exploitation. As a temporary workaround, avoid using the recursive operation (`-r`) to prevent the server from manipulating subdirectories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.