PT-2006-7580 · Openssh+3 · Openssh+3
Josh Bressers · Published 1970-01-01 · Updated 2024-07-08 · CVE-2006-0225
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 4.2p1
OpenSSH version 3.1p1
Description
The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, allowing attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces. The vulnerability may lead to disruption of service and unauthorized access to sensitive data.
Recommendations
For OpenSSH version 3.1p1, consider upgrading to a version later than 4.2p1 to resolve the issue.
For OpenSSH versions prior to 4.2p1, upgrade to version 4.2p1 or later to fix the vulnerability.
As a temporary workaround, consider restricting access to the scp command until a patch is available.
Avoid using filenames that contain shell metacharacters or spaces in the affected scp command until the issue is resolved.
Exploit
Fix
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
HP-UX
OpenSSH
Red Hat