SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#912588

WinSCP URI handlers fails to properly parse command line switches

Overview

A vulnerability has been found in WinSCP, which can be exploited by an attacker to overwrite or add files to the victim's computer.

I. Description

WinSCP is an open source SFTP client for Microsoft windows. It supports a file-manager user interface, and uses the SSH protocol to transfer files between hosts. If an attacker convinces a user to follow a specially crafted URL, a file may be directly transferred to the user's computer. The attacker may also be able to append information to files.

Depending on what the user interface settings of WinSCP are, user-interaction may or may not be required to complete the file transfer. This vulnerability is a result of certain command line switches being passed to WinSCP in the malicious URL.

II. Impact

If a victim user clicks on the specially-crafted URL, an attacker could send any chosen file to the victim's computer with access to folders that the user running WinSCP has write access to. The attacker could also append information to a file that may damage the file or make it unusable.

III. Solution

Upgrade


Version 3.8.2 of WinSCP has been published and contains a fix for this vulnerability. Users are encouraged to upgrade to this version of the software.

Restrict Access

Limit SSH client access to trusted servers. SSH servers usually listens on 22/tcp, but can be configured to listen on any TCP port.

Require User Interaction for File Transfers

WinSCP can be configured to notify the user of all file transfers and not automatically handle scp:// and sftp:// addresses. Users are encouraged to enable these options.

Systems Affected

VendorStatusDate NotifiedDate Updated
WinSCPVulnerable22-Jun-2006

References

http://secunia.com/advisories/20575/
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html

Credit

This vulnerability was reported by Jelmer Kuperus.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-06-11
Date First Published:2006-06-22
Date Last Updated:2006-07-07
CERT Advisory: 
CVE-ID(s):CVE-2006-3015
NVD-ID(s):CVE-2006-3015
US-CERT Technical Alerts: 
Metric:0.79
Document Revision:15

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get a PDF Reader