PT-2007-7072 · Red Hat · Cygwin

Published: 2007-11-30 · Updated: 2018-10-26 · CVE-2007-6181

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cygwin versions 1.5.7 and earlier
Cygwin versions 1.5.7 through 1.5.19

Description
A heap-based buffer overflow exists that allows context-dependent attackers to execute arbitrary code via a filename of a certain length. This can be demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, causing scp.exe to execute and overwrite heap memory with characters from the filename.

Recommendations
For Cygwin versions 1.5.7 and earlier, update to a version later than 1.5.19 to resolve the issue. For Cygwin versions 1.5.7 through 1.5.19, update to a version later than 1.5.19 to resolve the issue. As a temporary workaround, consider restricting access to the SCP protocol to minimize the risk of exploitation.

Tags: Exploit · Fix · Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2007-6181

Affected products

Cygwin