diff options
| -rw-r--r-- | security/vuxml/vuln.xml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c548f590d8de..4d885b2ff031 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -112,7 +112,10 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>Simon G. Tatham reports:</p> <blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html"> - <p>Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol.</p> + <p>Many versions of PSCP prior to 0.67 have a stack corruption + vulnerability in their treatment of the 'sink' direction (i.e. + downloading from server to client) of the old-style SCP protocol. + </p> <p>In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file.[...] you can work around it in a vulnerable PSCP by using the -sftp |