[Bug 2434] New: scp can send arbitrary control characters / escape sequences to the terminal
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jul 24 04:32:06 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2434
Bug ID: 2434
Summary: scp can send arbitrary control characters / escape
sequences to the terminal
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: scp
Assignee: unassigned-bugs at mindrot.org
Reporter: vincent-openssh at vinc17.net
When outputting filenames to the terminal, scp doesn't filter out
non-printable characters. Example:
$ touch "ab`tput clear`cd"
$ ls ab*
ab?[H?[2Jcd
$ scp ab* localhost:/tmp
clears the screen.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list