CVE-2004-0175
published 2004-08-18CVE-2004-0175: Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.82%
76.0th percentile
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:3.9p1-1 (bookworm) | openssh 1:3.9p1-1 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:3.9p1-1 | 1:3.9p1-1 |
| openbsd | openssh | >= 0 < 1:3.9p1-1 | 1:3.9p1-1 |
| openbsd | openssh | >= 0 < 1:3.9p1-1 | 1:3.9p1-1 |
| openbsd | openssh | >= 0 < 1:3.9p1-1 | 1:3.9p1-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-384q-pv6w-p8vv: Directory traversal vulnerability in scp for OpenSSH before 3
ghsa_unreviewed·2022-05-03·CVSS 5.0
CVE-2004-0175 [MEDIUM] CWE-22 GHSA-384q-pv6w-p8vv: Directory traversal vulnerability in scp for OpenSSH before 3
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
OSV
CVE-2004-0175: Directory traversal vulnerability in scp for OpenSSH before 3
osv·2004-08-18·CVSS 5.0
CVE-2004-0175 [MEDIUM] CVE-2004-0175: Directory traversal vulnerability in scp for OpenSSH before 3
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
Debian
CVE-2004-0175: openssh - Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote ...
vendor_debian·2004·CVSS 5.0
CVE-2004-0175 [MEDIUM] CVE-2004-0175: openssh - Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote ...
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
Scope: local
bookworm: resolved (fixed in 1:3.9p1-1)
bullseye: resolved (fixed in 1:3.9p1-1)
forky: resolved (fixed in 1:3.9p1-1)
sid: resolved (fixed in 1:3.9p1-1)
trixie: resolved (fixed in 1:3.9p1-1)
Red Hat
security flaw
vendor_redhat·2000-09-01·CVSS 5.0
CVE-2004-0175 [MEDIUM] security flaw
security flaw
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
No detection rules found.
No public exploits indexed.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831http://secunia.com/advisories/17135http://secunia.com/advisories/19243http://www.ciac.org/ciac/bulletins/o-212.shtmlhttp://www.juniper.net/support/security/alerts/adv59739.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2005:100http://www.mandriva.com/security/advisories?name=MDVSA-2008:191http://www.novell.com/linux/security/advisories/2004_09_kernel.htmlhttp://www.osvdb.org/9550http://www.redhat.com/support/errata/RHSA-2005-074.htmlhttp://www.redhat.com/support/errata/RHSA-2005-106.htmlhttp://www.redhat.com/support/errata/RHSA-2005-165.htmlhttp://www.redhat.com/support/errata/RHSA-2005-481.htmlhttp://www.redhat.com/support/errata/RHSA-2005-495.htmlhttp://www.redhat.com/support/errata/RHSA-2005-562.htmlhttp://www.redhat.com/support/errata/RHSA-2005-567.htmlhttp://www.securityfocus.com/bid/9986https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147https://exchange.xforce.ibmcloud.com/vulnerabilities/16323https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831http://secunia.com/advisories/17135http://secunia.com/advisories/19243http://www.ciac.org/ciac/bulletins/o-212.shtmlhttp://www.juniper.net/support/security/alerts/adv59739.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2005:100http://www.mandriva.com/security/advisories?name=MDVSA-2008:191http://www.novell.com/linux/security/advisories/2004_09_kernel.htmlhttp://www.osvdb.org/9550http://www.redhat.com/support/errata/RHSA-2005-074.htmlhttp://www.redhat.com/support/errata/RHSA-2005-106.htmlhttp://www.redhat.com/support/errata/RHSA-2005-165.htmlhttp://www.redhat.com/support/errata/RHSA-2005-481.htmlhttp://www.redhat.com/support/errata/RHSA-2005-495.htmlhttp://www.redhat.com/support/errata/RHSA-2005-562.htmlhttp://www.redhat.com/support/errata/RHSA-2005-567.htmlhttp://www.securityfocus.com/bid/9986https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147https://exchange.xforce.ibmcloud.com/vulnerabilities/16323https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184
2004-08-18
Published