Knowledge Search


×
 

The scp client can corrupt local files if connected to a malicious server (BugTraq ID 9986)

  [JSA10320] Show Article Properties


Legacy Advisory Id:
PSN-2004-04-002
Product Affected:
All Juniper M-series and T-series routers running domestic software built prior to April 6, 2004.
Problem:
Domestic versions of JUNOS software include the scp utility for securely copying files to and from the router. If the scp client program connects to a malicious remote server, that server could corrupt local files.

This vulnerability is tracked in PR/45426 and is described in more detail at the Security Focus web site.
Solution:
The scp utility has been modified to remove this vulnerability.
Implementation:
All domestic releases of JUNOS software built on or after April 6, 2004 include the modified scp program.

As a workaround, do not use the routerýs scp client to copy files between the router and untrusted servers.
Related Links:
Severity Level:
Low
Severity Assessment:
This vulnerability only exists only if you issue the ýfile copyý command from the router and the remote server has already been compromised.