SCP implementations impacted by 36-years-old security flaws

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/

By Catalin Cimpanu
ZDNet News
January 14, 2019

All SCP (Secure Copy Protocol) implementations from the last 36 years, since 
1983, are vulnerable to four security bugs that allow a malicious SCP server to 
make unauthorized changes to a client's (user's) system and hide malicious 
operations in the terminal.

The vulnerabilities have been discovered by Harry Sintonen, a security 
researcher with Finnish cyber-security firm F-Secure, who's been working since 
August last year to have them fixed and patched in the major apps that support 
the SCP protocol.

For our readers that are not familiar with SCP, the protocol is a "secure" 
implementation of the RCP (Remote Copy Protocol) -- a protocol for transferring 
files across a network.

SCP works on top of the SSH protocol and supports an authentication mechanism 
to provide authenticity and confidentiality for transferred files, just like 
SSH provides the same thing for the older and insecure Telnet protocol.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_