search for: vitja

...n: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: scp AssignedTo: unassigned-bugs at mindrot.org ReportedBy: vitja.makarov at gmail.com Hi! I'm not sure is that a bug or a future. Since SCP doesn't escape filenames it's possible to execute an arbitrary command: localhost:~$ scp 'mchome:foo;echo 123 > foo' /tmp/foo scp: foo: No such file or directory localhost:~$ scp 'mchome:foo;ec...