+++ This bug was initially created as a clone of Bug #120147 +++ Back in 2000 it was reported that a malicious ssh server could cause scp to write to arbitrary files outside of the current directory. See: http://cert.uni-stuttgart.de/archive/bugtraq/2000/09/msg00499.html This is a valid behaviour of the rcp protocol. The issue was rediscovered in Mar 2004 and discussed amongst OSS vendors, with Markus Friedl from OpenBSD writing a proposed patch for this issue but warned that it needed a lot of testing: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.113&r2=1.114
*** This bug has been marked as a duplicate of 146881 ***