
The scp client can corrupt local files if connected to a malicious server (BugTraq ID 9986)



Article ID: JSA10320 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 2.0
Legacy Advisory Id:
Product Affected:
All Juniper M-series and T-series routers running domestic software built prior to April 6, 2004.
Domestic versions of JUNOS software include the scp utility for securely copying files to and from the router. If the scp client program connects to a malicious remote server, that server could corrupt local files.

This vulnerability is tracked in PR/45426 and is described in more detail at the Security Focus web site.
The scp utility has been modified to remove this vulnerability.
All domestic releases of JUNOS software built on or after April 6, 2004 include the modified scp program.

As a workaround, do not use the router's scp client to copy files between the router and untrusted servers.
Severity Level:
Severity Assessment:
This vulnerability exists only if you issue the "file copy" command from the router and the remote server has already been compromised.
