*** This bug has been split off bug 120147 for RHEL2.1 ***

------- Original comment by Mark J. Cox (Security Response Team) on 2004.04.06 08:28 -------

Back in 2000 it was reported that a malicious ssh server could cause scp to write to arbitrary files outside of the current directory. See:
http://cert.uni-stuttgart.de/archive/bugtraq/2000/09/msg00499.html

This is a valid behaviour of the rcp protocol. The issue was rediscovered in Mar 2004 and discussed amongst OSS vendors, with Markus Friedl from OpenBSD writing a proposed patch for this issue but warning that it needed a lot of testing:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.113&r2=1.114
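
An added example, not the OpenBSD patch linked above and not the code shipped in the erratum: one way a receiving client can refuse server-supplied names that would leave the target directory. The record layout (`Cmmmm size name` for files, `Dmmmm 0 name` for directories) is assumed from the classic rcp protocol, and `rcp_checked_name` is a hypothetical helper.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Validate one rcp control record sent by the remote side, assumed to be
 * "Cmmmm size name\n" (file) or "Dmmmm 0 name\n" (directory), and copy the
 * name into out only if it is a single path component.
 * Returns 0 on success, -1 if malformed or if the name could escape. */
int rcp_checked_name(const char *rec, char *out, size_t outlen)
{
    const char *p = rec;
    char *end;
    size_t len;
    int i;

    if (*p != 'C' && *p != 'D')
        return -1;
    p++;
    for (i = 0; i < 4; i++, p++)            /* four octal mode digits */
        if (*p < '0' || *p > '7')
            return -1;
    if (*p++ != ' ')
        return -1;
    if (*p < '0' || *p > '9')               /* decimal size field */
        return -1;
    (void)strtoull(p, &end, 10);
    if (*end != ' ')
        return -1;
    p = end + 1;
    len = strcspn(p, "\n");
    if (p[len] != '\n' || len == 0 || len >= outlen)
        return -1;                          /* unterminated, empty, too long */
    if (memchr(p, '/', len) != NULL)        /* no directory separators */
        return -1;
    if (p[0] == '.' && (len == 1 || (len == 2 && p[1] == '.')))
        return -1;                          /* no "." or ".." */
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char name[256];
    /* Constructed records, not captured traffic. */
    printf("%d\n", rcp_checked_name("C0644 12 notes.txt\n", name, sizeof name));
    printf("%d\n", rcp_checked_name("C0644 12 ../outside\n", name, sizeof name));
    return 0;
}
```
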
*** Bug 158915 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-481.html