cvs commit: src/crypto/openssh-3.9p1 misc.c misc.h scp.c sftp.c src/crypto/openssh-4 misc.c misc.h scp.c sftp.c

Simon Schubert corecode at
Mon Feb 13 07:26:01 PST 2006

corecode    2006/02/13 07:23:35 PST

DragonFly src repository

  Modified files:        (Branch: DragonFly_RELEASE_1_2)
    crypto/openssh-3.9p1 misc.c misc.h scp.c sftp.c 
  Modified files:        (Branch: DragonFly_RELEASE_1_4)
    crypto/openssh-4     misc.c misc.h scp.c sftp.c 
  Fix a possible local privilege escalation bug in scp.
  From CVE-2006-0225:
      scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via
      filenames that contain shell metacharacters or spaces, which are expanded
  Noted-by: joerg
  Revision  Changes    Path   +40 -3     src/crypto/openssh-3.9p1/Attic/misc.c   +6 -2      src/crypto/openssh-3.9p1/Attic/misc.h   +91 -48    src/crypto/openssh-3.9p1/Attic/scp.c   +4 -2      src/crypto/openssh-3.9p1/Attic/sftp.c   +40 -3     src/crypto/openssh-4/misc.c   +5 -1      src/crypto/openssh-4/misc.h   +87 -45    src/crypto/openssh-4/scp.c   +4 -2      src/crypto/openssh-4/sftp.c

More information about the Commits mailing list