Vulnerability-Lookup

CVE-2006-0225 (GCVE-0-2006-0225)

Vulnerability from cvelistv5 – Published: 2006-01-25 16:00 – Updated: 2024-08-07 16:25

Summary

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.securityfocus.com/bid/16369	vdb-entryx_refsource_BID
	http://itrc.hp.com/service/cki/docDisplay.do?docI…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/25936	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18798	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/support/vi3/doc/esx-3069097…	x_refsource_CONFIRM
	http://www14.software.ibm.com/webapp/set2/sas/f/h…	x_refsource_CONFIRM
	http://secunia.com/advisories/23340	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2006-02…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/18970	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21492	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	third-party-advisoryx_refsource_CERT
	http://www.trustix.org/errata/2006/0004	vendor-advisoryx_refsource_TRUSTIX
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://secunia.com/advisories/19159	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18650	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18736	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/22692	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/2120	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/23680	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/18579	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18969	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/20723	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://securityreason.com/securityalert/462	third-party-advisoryx_refsource_SREASON
	http://docs.info.apple.com/article.html?artnum=305214	x_refsource_CONFIRM
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/4869	vdb-entryx_refsource_VUPEN
	http://www.openpkg.org/security/OpenPKG-SA-2006.0…	vendor-advisoryx_refsource_OPENPKG
	http://www.securityfocus.com/archive/1/425397/100…	vendor-advisoryx_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2006-00…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/21262	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25607	third-party-advisoryx_refsource_SECUNIA
	http://itrc.hp.com/service/cki/docDisplay.do?docI…	vendor-advisoryx_refsource_HP
	http://blogs.sun.com/security/entry/sun_alert_102…	x_refsource_CONFIRM
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www14.software.ibm.com/webapp/set2/subscri…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/2490	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2006/0306	vdb-entryx_refsource_VUPEN
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/21129	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1015540	vdb-entryx_refsource_SECTRACK
	http://www.redhat.com/archives/fedora-announce-li…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/21724	third-party-advisoryx_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/23241	third-party-advisoryx_refsource_SECUNIA
	ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/com…	vendor-advisoryx_refsource_OPENBSD
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2007/0930	vdb-entryx_refsource_VUPEN
	https://bugzilla.redhat.com/bugzilla/show_bug.cgi…	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.vmware.com/support/vi3/doc/esx-9986131…	x_refsource_CONFIRM
	http://secunia.com/advisories/18850	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22196	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/18595	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18964	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-255-1	vendor-advisoryx_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://secunia.com/advisories/18910	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/24479	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16369"
          },
          {
            "name": "HPSBUX02178",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
          },
          {
            "name": "25936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25936"
          },
          {
            "name": "18798",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18798"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
          },
          {
            "name": "23340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "RHSA-2006:0298",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
          },
          {
            "name": "18970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18970"
          },
          {
            "name": "21492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21492"
          },
          {
            "name": "TA07-072A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "name": "2006-0004",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
          },
          {
            "name": "19159",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19159"
          },
          {
            "name": "18650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18650"
          },
          {
            "name": "18736",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18736"
          },
          {
            "name": "22692",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22692"
          },
          {
            "name": "ADV-2007-2120",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2120"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "name": "APPLE-SA-2007-03-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "name": "18579",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18579"
          },
          {
            "name": "18969",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18969"
          },
          {
            "name": "20723",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20723"
          },
          {
            "name": "openssh-scp-command-execution(24305)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
          },
          {
            "name": "MDKSA-2006:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
          },
          {
            "name": "462",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/462"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
          },
          {
            "name": "ADV-2006-4869",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4869"
          },
          {
            "name": "OpenPKG-SA-2006.003",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
          },
          {
            "name": "FLSA-2006:168935",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
          },
          {
            "name": "RHSA-2006:0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
          },
          {
            "name": "21262",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21262"
          },
          {
            "name": "25607",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25607"
          },
          {
            "name": "SSRT061267",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
          },
          {
            "name": "SUSE-SA:2006:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
          },
          {
            "name": "ADV-2006-2490",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2490"
          },
          {
            "name": "ADV-2006-0306",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0306"
          },
          {
            "name": "SSA:2006-045-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
          },
          {
            "name": "oval:org.mitre.oval:def:1138",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
          },
          {
            "name": "21129",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21129"
          },
          {
            "name": "1015540",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015540"
          },
          {
            "name": "FEDORA-2006-056",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
          },
          {
            "name": "21724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21724"
          },
          {
            "name": "GLSA-200602-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
          },
          {
            "name": "23241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23241"
          },
          {
            "name": "20060212 [3.8] 005: SECURITY FIX: February 12, 2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
          },
          {
            "name": "ADV-2007-0930",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
          },
          {
            "name": "102961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "18850",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18850"
          },
          {
            "name": "22196",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
          },
          {
            "name": "RHSA-2006:0698",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
          },
          {
            "name": "18595",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18595"
          },
          {
            "name": "18964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18964"
          },
          {
            "name": "USN-255-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-255-1"
          },
          {
            "name": "oval:org.mitre.oval:def:9962",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
          },
          {
            "name": "20060703-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
          },
          {
            "name": "18910",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18910"
          },
          {
            "name": "24479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-24T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "16369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16369"
        },
        {
          "name": "HPSBUX02178",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
        },
        {
          "name": "25936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25936"
        },
        {
          "name": "18798",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18798"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
        },
        {
          "name": "23340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23340"
        },
        {
          "name": "RHSA-2006:0298",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
        },
        {
          "name": "18970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18970"
        },
        {
          "name": "21492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21492"
        },
        {
          "name": "TA07-072A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
        },
        {
          "name": "2006-0004",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
        },
        {
          "name": "19159",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19159"
        },
        {
          "name": "18650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18650"
        },
        {
          "name": "18736",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18736"
        },
        {
          "name": "22692",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22692"
        },
        {
          "name": "ADV-2007-2120",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2120"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "name": "APPLE-SA-2007-03-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
        },
        {
          "name": "18579",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18579"
        },
        {
          "name": "18969",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18969"
        },
        {
          "name": "20723",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20723"
        },
        {
          "name": "openssh-scp-command-execution(24305)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
        },
        {
          "name": "MDKSA-2006:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
        },
        {
          "name": "462",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/462"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305214"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
        },
        {
          "name": "ADV-2006-4869",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4869"
        },
        {
          "name": "OpenPKG-SA-2006.003",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
        },
        {
          "name": "FLSA-2006:168935",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
        },
        {
          "name": "RHSA-2006:0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
        },
        {
          "name": "21262",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21262"
        },
        {
          "name": "25607",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25607"
        },
        {
          "name": "SSRT061267",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
        },
        {
          "name": "SUSE-SA:2006:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
        },
        {
          "name": "ADV-2006-2490",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2490"
        },
        {
          "name": "ADV-2006-0306",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0306"
        },
        {
          "name": "SSA:2006-045-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
        },
        {
          "name": "oval:org.mitre.oval:def:1138",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
        },
        {
          "name": "21129",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21129"
        },
        {
          "name": "1015540",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015540"
        },
        {
          "name": "FEDORA-2006-056",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
        },
        {
          "name": "21724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21724"
        },
        {
          "name": "GLSA-200602-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
        },
        {
          "name": "23241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23241"
        },
        {
          "name": "20060212 [3.8] 005: SECURITY FIX: February 12, 2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
        },
        {
          "name": "ADV-2007-0930",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0930"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
        },
        {
          "name": "102961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "18850",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18850"
        },
        {
          "name": "22196",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
        },
        {
          "name": "RHSA-2006:0698",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
        },
        {
          "name": "18595",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18595"
        },
        {
          "name": "18964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18964"
        },
        {
          "name": "USN-255-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-255-1"
        },
        {
          "name": "oval:org.mitre.oval:def:9962",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
        },
        {
          "name": "20060703-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
        },
        {
          "name": "18910",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18910"
        },
        {
          "name": "24479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24479"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-0225",
    "datePublished": "2006-01-25T16:00:00.000Z",
    "dateReserved": "2006-01-17T05:00:00.000Z",
    "dateUpdated": "2024-08-07T16:25:34.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2006-0225

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Aliases

CVE-2006-0225

Aliases

CVE-2006-0225

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0225",
    "description": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.",
    "id": "GSD-2006-0225",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-0225.html",
      "https://access.redhat.com/errata/RHSA-2006:0698",
      "https://access.redhat.com/errata/RHSA-2006:0298",
      "https://access.redhat.com/errata/RHSA-2006:0044"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0225"
      ],
      "details": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.",
      "id": "GSD-2006-0225",
      "modified": "2023-12-13T01:19:50.716644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-0225",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc",
            "refsource": "MISC",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
          },
          {
            "name": "http://secunia.com/advisories/21262",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21262"
          },
          {
            "name": "http://secunia.com/advisories/23340",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "name": "http://secunia.com/advisories/23680",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/425397/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305214",
            "refsource": "MISC",
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "name": "http://secunia.com/advisories/24479",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/24479"
          },
          {
            "name": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/0930",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch",
            "refsource": "MISC",
            "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
          },
          {
            "name": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability",
            "refsource": "MISC",
            "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
          },
          {
            "name": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112",
            "refsource": "MISC",
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
          },
          {
            "name": "http://secunia.com/advisories/18579",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18579"
          },
          {
            "name": "http://secunia.com/advisories/18595",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18595"
          },
          {
            "name": "http://secunia.com/advisories/18650",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18650"
          },
          {
            "name": "http://secunia.com/advisories/18736",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18736"
          },
          {
            "name": "http://secunia.com/advisories/18798",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18798"
          },
          {
            "name": "http://secunia.com/advisories/18850",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18850"
          },
          {
            "name": "http://secunia.com/advisories/18910",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18910"
          },
          {
            "name": "http://secunia.com/advisories/18964",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18964"
          },
          {
            "name": "http://secunia.com/advisories/18969",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18969"
          },
          {
            "name": "http://secunia.com/advisories/18970",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/18970"
          },
          {
            "name": "http://secunia.com/advisories/19159",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/19159"
          },
          {
            "name": "http://secunia.com/advisories/20723",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/20723"
          },
          {
            "name": "http://secunia.com/advisories/21129",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21129"
          },
          {
            "name": "http://secunia.com/advisories/21492",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21492"
          },
          {
            "name": "http://secunia.com/advisories/21724",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21724"
          },
          {
            "name": "http://secunia.com/advisories/22196",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22196"
          },
          {
            "name": "http://secunia.com/advisories/23241",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23241"
          },
          {
            "name": "http://secunia.com/advisories/25607",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/25607"
          },
          {
            "name": "http://secunia.com/advisories/25936",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/25936"
          },
          {
            "name": "http://securityreason.com/securityalert/462",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/462"
          },
          {
            "name": "http://securitytracker.com/id?1015540",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1015540"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
          },
          {
            "name": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html",
            "refsource": "MISC",
            "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
          },
          {
            "name": "http://www.osvdb.org/22692",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/22692"
          },
          {
            "name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0044.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0298.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0698.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/16369",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/16369"
          },
          {
            "name": "http://www.trustix.org/errata/2006/0004",
            "refsource": "MISC",
            "url": "http://www.trustix.org/errata/2006/0004"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-255-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-255-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/0306",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/0306"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/2490",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/2490"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/4869",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/4869"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/2120",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/2120"
          },
          {
            "name": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688",
            "refsource": "MISC",
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
          },
          {
            "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751",
            "refsource": "MISC",
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
          },
          {
            "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-0225"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
            },
            {
              "name": "16369",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/16369"
            },
            {
              "name": "18579",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18579"
            },
            {
              "name": "18595",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18595"
            },
            {
              "name": "2006-0004",
              "refsource": "TRUSTIX",
              "tags": [],
              "url": "http://www.trustix.org/errata/2006/0004"
            },
            {
              "name": "1015540",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015540"
            },
            {
              "name": "18650",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18650"
            },
            {
              "name": "18736",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18736"
            },
            {
              "name": "20060212 [3.8] 005: SECURITY FIX: February 12, 2006",
              "refsource": "OPENBSD",
              "tags": [],
              "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
            },
            {
              "name": "SUSE-SA:2006:008",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
            },
            {
              "name": "18798",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18798"
            },
            {
              "name": "18850",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18850"
            },
            {
              "name": "OpenPKG-SA-2006.003",
              "refsource": "OPENPKG",
              "tags": [],
              "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
            },
            {
              "name": "SSA:2006-045-06",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
            },
            {
              "name": "18910",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18910"
            },
            {
              "name": "GLSA-200602-11",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
            },
            {
              "name": "USN-255-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-255-1"
            },
            {
              "name": "22692",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/22692"
            },
            {
              "name": "18964",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18964"
            },
            {
              "name": "18969",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18969"
            },
            {
              "name": "18970",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18970"
            },
            {
              "name": "RHSA-2006:0044",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
            },
            {
              "name": "19159",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19159"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
            },
            {
              "name": "20723",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20723"
            },
            {
              "name": "RHSA-2006:0298",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
            },
            {
              "name": "21129",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21129"
            },
            {
              "name": "20060703-01-P",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
            },
            {
              "name": "21262",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21262"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
            },
            {
              "name": "21492",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21492"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
            },
            {
              "name": "21724",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21724"
            },
            {
              "name": "RHSA-2006:0698",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
            },
            {
              "name": "22196",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22196"
            },
            {
              "name": "23241",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23241"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
            },
            {
              "name": "23340",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23340"
            },
            {
              "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
            },
            {
              "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
            },
            {
              "name": "23680",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23680"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305214",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=305214"
            },
            {
              "name": "24479",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24479"
            },
            {
              "name": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
            },
            {
              "name": "APPLE-SA-2007-03-13",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
            },
            {
              "name": "MDKSA-2006:034",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
            },
            {
              "name": "102961",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
            },
            {
              "name": "TA07-072A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
            },
            {
              "name": "25607",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25607"
            },
            {
              "name": "25936",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25936"
            },
            {
              "name": "462",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/462"
            },
            {
              "name": "ADV-2007-0930",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0930"
            },
            {
              "name": "ADV-2006-0306",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/0306"
            },
            {
              "name": "ADV-2007-2120",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2120"
            },
            {
              "name": "ADV-2006-4869",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4869"
            },
            {
              "name": "ADV-2006-2490",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2490"
            },
            {
              "name": "HPSBUX02178",
              "refsource": "HP",
              "tags": [],
              "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
            },
            {
              "name": "FEDORA-2006-056",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
            },
            {
              "name": "openssh-scp-command-execution(24305)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
            },
            {
              "name": "oval:org.mitre.oval:def:9962",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
            },
            {
              "name": "oval:org.mitre.oval:def:1138",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
            },
            {
              "name": "FLSA-2006:168935",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:43Z",
      "publishedDate": "2006-01-25T11:03Z"
    }
  }
}

CERTA-2007-AVI-310

Vulnerability from certfr_avis - Published: 2007-07-12 - Updated: 2007-07-12

Une vulnérabilité dans Sun Solaris permet à un utilisateur local malintentionné d'élever ses privilèges.

Description

La commande rcp (Remote File Copy) permet de copier des fichiers entre machines distantes.

Une vulnérabilité dans le traitement des noms de fichiers fournis en arguments permet à un individu local malveillant d'élever ses privilèges sur le système vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Sun Solaris 8.
N/A	N/A	Sun Solaris 10 ;
N/A	N/A	Sun Solaris 9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun Solaris #102978 du 12 juillet 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Solaris 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Solaris 10 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Solaris 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLa commande rcp (Remote File Copy) permet de copier des fichiers entre\nmachines distantes.\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des noms de fichiers fournis en\narguments permet \u00e0 un individu local malveillant d\u0027\u00e9lever ses privil\u00e8ges\nsur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
    }
  ],
  "initial_release_date": "2007-07-12T00:00:00",
  "last_revision_date": "2007-07-12T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-310",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Sun Solaris permet \u00e0 un utilisateur local\nmalintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la commande rcp sous Sun Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #102978 du 12 juillet 2007",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1"
    }
  ]
}

CERTA-2007-AVI-124

Vulnerability from certfr_avis - Published: 2007-03-14 - Updated: 2007-03-14

Plusieurs vulnérabilités affectent MacOS X. Les plus graves permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Plusieurs composants de MacOS X sont sujets à des vulnérabilités, les plus graves permettant à un attaquant distant d'exécuter du code arbitraire.

Les composants impactés sont : ColorSync (CVE-2007-0719), CoreGraphics, Crash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images (CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062, CVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins (CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300, CVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO (CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129, CVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226, CVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH (CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051, CVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager (CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server (CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959), WebLog (CVE-2006-4829).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	macOS	MacOS X 10.3.9 et MacOS X Server 10.3.9 ;
	Apple	macOS	MacOS X 10.4 et MacOS X Server 10.4.

References

Title

Publication Time

Tags

Mise à jour de sécurité 2007-003 de MacOS X	None	vendor-advisory
Bulletin de sécurité Apple du 12 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MacOS X 10.3.9 et MacOS X Server 10.3.9 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.4 et MacOS X Server 10.4.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs composants de MacOS X sont sujets \u00e0 des vuln\u00e9rabilit\u00e9s, les\nplus graves permettant \u00e0 un attaquant distant d\u0027ex\u00e9cuter du code\narbitraire.  \n\nLes composants impact\u00e9s sont : ColorSync (CVE-2007-0719), CoreGraphics,\nCrash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images\n(CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062,\nCVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins\n(CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300,\nCVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO\n(CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129,\nCVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517,\nCVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226,\nCVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH\n(CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051,\nCVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager\n(CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server\n(CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959),\nWebLog (CVE-2006-4829).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3469"
    },
    {
      "name": "CVE-2006-6061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6061"
    },
    {
      "name": "CVE-2006-2753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2753"
    },
    {
      "name": "CVE-2007-0722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0722"
    },
    {
      "name": "CVE-2007-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0229"
    },
    {
      "name": "CVE-2006-6173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6173"
    },
    {
      "name": "CVE-2007-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0733"
    },
    {
      "name": "CVE-2006-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5836"
    },
    {
      "name": "CVE-2007-0720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0720"
    },
    {
      "name": "CVE-2006-5052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5052"
    },
    {
      "name": "CVE-2006-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3081"
    },
    {
      "name": "CVE-2007-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0318"
    },
    {
      "name": "CVE-2007-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0236"
    },
    {
      "name": "CVE-2006-4829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4829"
    },
    {
      "name": "CVE-2006-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1517"
    },
    {
      "name": "CVE-2006-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4924"
    },
    {
      "name": "CVE-2005-2959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2959"
    },
    {
      "name": "CVE-2007-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0728"
    },
    {
      "name": "CVE-2006-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6129"
    },
    {
      "name": "CVE-2007-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0267"
    },
    {
      "name": "CVE-2007-0731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0731"
    },
    {
      "name": "CVE-2007-0726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0726"
    },
    {
      "name": "CVE-2006-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4226"
    },
    {
      "name": "CVE-2007-0299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0299"
    },
    {
      "name": "CVE-2007-0724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0724"
    },
    {
      "name": "CVE-2007-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1071"
    },
    {
      "name": "CVE-2006-4031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4031"
    },
    {
      "name": "CVE-2007-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0588"
    },
    {
      "name": "CVE-2006-1516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1516"
    },
    {
      "name": "CVE-2006-5679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5679"
    },
    {
      "name": "CVE-2007-0721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0721"
    },
    {
      "name": "CVE-2006-6130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6130"
    },
    {
      "name": "CVE-2006-5330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5330"
    },
    {
      "name": "CVE-2007-0730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0730"
    },
    {
      "name": "CVE-2006-0300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0300"
    },
    {
      "name": "CVE-2007-0719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0719"
    },
    {
      "name": "CVE-2006-6062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6062"
    },
    {
      "name": "CVE-2006-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
    },
    {
      "name": "CVE-2006-5051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
    },
    {
      "name": "CVE-2007-0467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0467"
    },
    {
      "name": "CVE-2007-0463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0463"
    },
    {
      "name": "CVE-2006-6097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6097"
    },
    {
      "name": "CVE-2007-0723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0723"
    }
  ],
  "initial_release_date": "2007-03-14T00:00:00",
  "last_revision_date": "2007-03-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 12 mars 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    }
  ],
  "reference": "CERTA-2007-AVI-124",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent MacOS X. Les plus graves permettent \u00e0\nune personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 2007-003 de MacOS X",
      "url": null
    }
  ]
}

CERTA-2007-AVI-026

Vulnerability from certfr_avis - Published: 2007-01-11 - Updated: 2007-01-11

De multiples vulnérabilités ont été corrigées pour les produits VMware ESX Server 2.x et 3.0.x.

Description

De multiples vulnérabilités ont été découvertes dans le produit VMware ESX Server. Celles-ci concernent :

Une mauvaise gestion des droits sur les clés SSL générées par vmware-config (CVE-2006-3589) ;
certaines bibilothèques OpenSSL (CVE-2006-2937, CVE-2006-2940, CVE-2006-4339, CVE-2006-4343, CVE-2006-3738) ;
OpenSSH (CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924, CVE-2006-5051, CVE-2006-5794) ;
un débordement de tampon dans la fonction repr() utilisée par certaines applications en Python (CVE-2006-4980) ;
un problème concernant les fichiers de disques virtuels ( .vmdk ou .dsk ) nouvellement créés, qui contiennent des blocs de fichiers de disques récemment effacés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX Server 3.0.x
	VMware	N/A	VMware ESX Server 2.x.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2007-0001	2007-01-09	vendor-advisory
Patch pour VMWare ESX Server 2.5.3 :	-	other
Patch pour VMware ESX Server 2.0.2 :	-	other
Patch pour VMware ESX Server 3.0.0 :	-	other
Patch pour VMWare ESX Server 2.1.3 :	-	other
Patch pour VMware ESX Server 2.5.4 :	-	other
Patch pour VMware ESX Server 3.0.1 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX Server 3.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le produit VMware\nESX Server. Celles-ci concernent :\n\n-   Une mauvaise gestion des droits sur les cl\u00e9s SSL g\u00e9n\u00e9r\u00e9es par\n    vmware-config (CVE-2006-3589) ;\n-   certaines bibiloth\u00e8ques OpenSSL (CVE-2006-2937, CVE-2006-2940,\n    CVE-2006-4339, CVE-2006-4343, CVE-2006-3738) ;\n-   OpenSSH (CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924,\n    CVE-2006-5051, CVE-2006-5794) ;\n-   un d\u00e9bordement de tampon dans la fonction repr() utilis\u00e9e par\n    certaines applications en Python (CVE-2006-4980) ;\n-   un probl\u00e8me concernant les fichiers de disques virtuels ( .vmdk ou\n    .dsk ) nouvellement cr\u00e9\u00e9s, qui contiennent des blocs de fichiers de\n    disques r\u00e9cemment effac\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4339"
    },
    {
      "name": "CVE-2006-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3589"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2004-2069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2069"
    },
    {
      "name": "CVE-2006-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4924"
    },
    {
      "name": "CVE-2003-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0386"
    },
    {
      "name": "CVE-2006-4343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4343"
    },
    {
      "name": "CVE-2006-5794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5794"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2006-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2006-5051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
    },
    {
      "name": "CVE-2006-4980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4980"
    }
  ],
  "initial_release_date": "2007-01-11T00:00:00",
  "last_revision_date": "2007-01-11T00:00:00",
  "links": [
    {
      "title": "Patch pour VMWare ESX Server 2.5.3 :",
      "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 2.0.2 :",
      "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 3.0.0 :",
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "title": "Patch pour VMWare ESX Server 2.1.3 :",
      "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 2.5.4 :",
      "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 3.0.1 :",
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    }
  ],
  "reference": "CERTA-2007-AVI-026",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es pour les produits VMware\nESX Server 2.x et 3.0.x.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": "2007-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2007-0001",
      "url": "None"
    }
  ]
}

CERTA-2006-AVI-563

Vulnerability from certfr_avis - Published: 2006-12-18 - Updated: 2006-12-18

None

Description

De multiples vulnérabilités présentes dans Avaya Predictive Dialing System permettent à un utilisateur distant malintentionné de provoquer un déni de service, de contourner la politique de sécurité, d'exécuter des commandes et du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Avaya Predictive Dialing System (PDS).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Avaya ASA-2006-260 du 11 décembre 2006	None	vendor-advisory
Bulletin de sécurité Avaya ASA-2006-262 du 11 décembre 2006	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAvaya Predictive Dialing System (PDS).\u003c/P\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Avaya Predictive Dialing\nSystem permettent \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer\nun d\u00e9ni de service, de contourner la politique de s\u00e9curit\u00e9, d\u0027ex\u00e9cuter\ndes commandes et du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2005-2969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2969"
    },
    {
      "name": "CVE-2006-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4924"
    },
    {
      "name": "CVE-2006-4343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4343"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2006-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    }
  ],
  "initial_release_date": "2006-12-18T00:00:00",
  "last_revision_date": "2006-12-18T00:00:00",
  "links": [],
  "reference": "CERTA-2006-AVI-563",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Predictive Dialing System",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2006-260 du 11 d\u00e9cembre 2006",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2006-262 du 11 d\u00e9cembre 2006",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.pdf"
    }
  ]
}

FKIE_CVE-2006-0225

Vulnerability from fkie_nvd - Published: 2006-01-25 11:03 - Updated: 2025-04-03 01:03

Severity ?

Summary

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

References

URL	Tags
secalert@redhat.com	ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
secalert@redhat.com	ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
secalert@redhat.com	http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
secalert@redhat.com	http://docs.info.apple.com/article.html?artnum=305214
secalert@redhat.com	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
secalert@redhat.com	http://secunia.com/advisories/18579
secalert@redhat.com	http://secunia.com/advisories/18595	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/18650
secalert@redhat.com	http://secunia.com/advisories/18736
secalert@redhat.com	http://secunia.com/advisories/18798
secalert@redhat.com	http://secunia.com/advisories/18850
secalert@redhat.com	http://secunia.com/advisories/18910
secalert@redhat.com	http://secunia.com/advisories/18964
secalert@redhat.com	http://secunia.com/advisories/18969
secalert@redhat.com	http://secunia.com/advisories/18970
secalert@redhat.com	http://secunia.com/advisories/19159
secalert@redhat.com	http://secunia.com/advisories/20723
secalert@redhat.com	http://secunia.com/advisories/21129
secalert@redhat.com	http://secunia.com/advisories/21262
secalert@redhat.com	http://secunia.com/advisories/21492
secalert@redhat.com	http://secunia.com/advisories/21724
secalert@redhat.com	http://secunia.com/advisories/22196
secalert@redhat.com	http://secunia.com/advisories/23241
secalert@redhat.com	http://secunia.com/advisories/23340
secalert@redhat.com	http://secunia.com/advisories/23680
secalert@redhat.com	http://secunia.com/advisories/24479
secalert@redhat.com	http://secunia.com/advisories/25607
secalert@redhat.com	http://secunia.com/advisories/25936
secalert@redhat.com	http://securityreason.com/securityalert/462
secalert@redhat.com	http://securitytracker.com/id?1015540
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_08_openssh.html
secalert@redhat.com	http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html
secalert@redhat.com	http://www.osvdb.org/22692
secalert@redhat.com	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0044.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0298.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0698.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/425397/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/16369
secalert@redhat.com	http://www.trustix.org/errata/2006/0004
secalert@redhat.com	http://www.ubuntu.com/usn/usn-255-1
secalert@redhat.com	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
secalert@redhat.com	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
secalert@redhat.com	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/0306
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/2490
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4869
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0930
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/2120
secalert@redhat.com	http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
secalert@redhat.com	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
secalert@redhat.com	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/24305
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
af854a3a-2127-422b-91ae-364da2661108	http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305214
af854a3a-2127-422b-91ae-364da2661108	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18579
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18595	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18650
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18736
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18798
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18850
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18910
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18964
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18969
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18970
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19159
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20723
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21129
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21262
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21492
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21724
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22196
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23241
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23340
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23680
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24479
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25607
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25936
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/462
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015540
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_08_openssh.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22692
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0044.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0298.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0698.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/425397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16369
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2006/0004
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-255-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0306
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2490
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4869
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0930
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2120
af854a3a-2127-422b-91ae-364da2661108	http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
af854a3a-2127-422b-91ae-364da2661108	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24305
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962

Impacted products

Vendor	Product	Version
openbsd	openssh	3.0
openbsd	openssh	3.0.1
openbsd	openssh	3.0.1p1
openbsd	openssh	3.0.2
openbsd	openssh	3.0.2p1
openbsd	openssh	3.0p1
openbsd	openssh	3.1
openbsd	openssh	3.1p1
openbsd	openssh	3.2
openbsd	openssh	3.2.2p1
openbsd	openssh	3.2.3p1
openbsd	openssh	3.3
openbsd	openssh	3.3p1
openbsd	openssh	3.4
openbsd	openssh	3.4p1
openbsd	openssh	3.5
openbsd	openssh	3.5p1
openbsd	openssh	3.6
openbsd	openssh	3.6.1
openbsd	openssh	3.6.1p1
openbsd	openssh	3.6.1p2
openbsd	openssh	3.7
openbsd	openssh	3.7.1
openbsd	openssh	3.7.1p2
openbsd	openssh	3.8
openbsd	openssh	3.8.1
openbsd	openssh	3.8.1p1
openbsd	openssh	3.9
openbsd	openssh	3.9.1
openbsd	openssh	3.9.1p1
openbsd	openssh	4.0p1
openbsd	openssh	4.1p1
openbsd	openssh	4.2p1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice."
    },
    {
      "lang": "es",
      "value": "scp en OpenSSH 4.2p1 permite a atacantes ejecutar \u00f3rdenes de su elecci\u00f3n mediante nombres de ficheros que contienen metacaract\u00e9res o espacios, que son expandidos dos veces."
    }
  ],
  "id": "CVE-2006-0225",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-01-25T11:03:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18579"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18595"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18650"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18736"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18850"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18910"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18964"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18969"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18970"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19159"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/20723"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21129"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21262"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21492"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22196"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23340"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23680"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25607"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25936"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/462"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1015540"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/22692"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/16369"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.trustix.org/errata/2006/0004"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-255-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/0306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/2490"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4869"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/2120"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18595"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2006/0004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-255-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue was addressed in Red Hat Enterprise Linux 2.1, 3 and 4:\n\nhttps://rhn.redhat.com/errata/CVE-2006-0225.html\nhttps://www.redhat.com/security/data/cve/CVE-2006-0225.html\n\nIssue was fixed upstream in version 4.3.  The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw.",
      "lastModified": "2009-09-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FJC8-474C-2XX3

Vulnerability from github – Published: 2022-05-03 03:15 – Updated: 2022-05-03 03:15

Details

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0225"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-01-25T11:03:00Z",
    "severity": "MODERATE"
  },
  "details": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.",
  "id": "GHSA-fjc8-474c-2xx3",
  "modified": "2022-05-03T03:15:29Z",
  "published": "2022-05-03T03:15:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0225"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
    },
    {
      "type": "WEB",
      "url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "type": "WEB",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18579"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18595"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18650"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18736"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18798"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18850"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18910"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18964"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18969"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18970"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19159"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20723"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21129"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21262"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21492"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22196"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23241"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23340"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23680"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25607"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25936"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/462"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015540"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/22692"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16369"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2006/0004"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-255-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0306"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2490"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4869"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2120"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-0225 (GCVE-0-2006-0225)

GSD-2006-0225

CERTA-2007-AVI-310

Description

Solution

CERTA-2007-AVI-124

Description

Solution

CERTA-2007-AVI-026

Description

Solution

CERTA-2006-AVI-563

Description

Solution

FKIE_CVE-2006-0225

GHSA-FJC8-474C-2XX3

Tags

Sightings

Nomenclature