Security Update – scp

Post Written by
Ivan Dabić
Last modified on July 15th, 2020 at 12:33 pm

In 2019, while working on OpenSSH 8.0p1, the OpenSSH project disclosed that the "scp" protocol, and therefore the "scp" command, has a vulnerability in how the client verifies the file name sent by the server against the one the client actually requested. The issue was mitigated in OpenSSH 8.0p1, but the mitigation was never fully applied across platforms.
Reference: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-March/037672.html
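
The check described above, as an added illustration (not OpenSSH's code and not from the original post): a client compares each file name in the server's scp control records against the path it requested. The function names, the record regex and the sample records are constructed for this example, and it covers only the top-level records of a non-recursive copy.

```python
import fnmatch
import posixpath
import re

# scp control records sent by the server:
#   C<mode> <size> <name>   (file)      D<mode> 0 <name>   (directory)
_RECORD = re.compile(r"^([CD])([0-7]{4}) (\d+) (.+)$")


def check_record(line, requested):
    """Return the file name if the server's record is acceptable, else raise.

    `requested` is the remote path the user typed, e.g. "reports/*.csv".
    """
    m = _RECORD.match(line.rstrip("\n"))
    if m is None:
        raise ValueError("malformed control record: %r" % line)
    name = m.group(4)
    # A name must be a single path component, never a path.
    if "/" in name or name in (".", ".."):
        raise ValueError("unexpected filename: %r" % name)
    # The name must match the last component of what was actually requested.
    pattern = posixpath.basename(requested.rstrip("/"))
    if not fnmatch.fnmatchcase(name, pattern):
        raise ValueError("filename %r does not match request %r" % (name, requested))
    return name


def filter_session(lines, requested):
    """Split server records into (accepted names, rejection reasons)."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(check_record(line, requested))
        except ValueError as exc:
            rejected.append(str(exc))
    return accepted, rejected


# Constructed sample: the user asked for "reports/*.csv".
SAMPLE = [
    "C0644 120 q1.csv\n",
    "C0644 98 q2.csv\n",
    "C0644 45 notes.txt\n",   # name the client never requested
    "C0644 10 ../q3.csv\n",   # name that is a path, not a single component
]

if __name__ == "__main__":
    ok, bad = filter_session(SAMPLE, "reports/*.csv")
    print("accepted:", ok)
    for reason in bad:
        print("rejected:", reason)
```
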

An important thing to note is that this is still an ongoing issue on different platforms. Red Hat has marked scp as "Will Not Fix" for Red Hat Enterprise Linux 7 on its official page addressing CVE-2019-6111 in OpenSSH version 7.9.

Emotional statement: as we all loved working with scp, we'll be monitoring for confirmation that this vulnerability is removed across the platforms and will gladly let you know about it 😉.
