A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorisedly.
Session Control Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely transfer files between a local host and a remote host using RCP (Remote Copy Protocol) and SSH protocol.
In other terms, SCP, which dates back to 1983, is a secure version of RCP that uses authentication and encryption of SSH protocol to transfer files between a server and a client.
Discovered by Harry Sintonen, one of F-Secure’s Senior Security Consultants, the vulnerabilities exist due to poor validations performed by the SCP clients, which can be abused by malicious servers or man-in-the-middle (MiTM) attackers to drop or overwrite arbitrary files on the client’s system.
images from Hacker News