Knowledge Search


The scp client can corrupt local files if connected to a malicious server (BugTraq ID 9986)

  [JSA10320] Show Article Properties

Legacy Advisory Id:
Product Affected:
All Juniper M-series and T-series routers running domestic software built prior to April 6, 2004.
Domestic versions of JUNOS software include the scp utility for securely copying files to and from the router. If the scp client program connects to a malicious remote server, that server could corrupt local files.

This vulnerability is tracked in PR/45426 and is described in more detail at the Security Focus web site.
The scp utility has been modified to remove this vulnerability.
All domestic releases of JUNOS software built on or after April 6, 2004 include the modified scp program.

As a workaround, do not use the routerýs scp client to copy files between the router and untrusted servers.
Related Links:
Severity Level:
Severity Assessment:
This vulnerability only exists only if you issue the ýfile copyý command from the router and the remote server has already been compromised.