Oh, SSH, IT Please see This: Malicious Servers can Fsck With Your PC's Files During scp Slurps
A decades-old oversight in the design of Secure Copy Protocol (SCP) tools can be exploited by malicious servers to unexpectedly alter victims' files on their client machines, it has emerged.
F-Secure's Harry Sintonen discovered a set of five CVE-listed vulnerabilities, which can be abused by evil servers to overwrite arbitrary files on a computer connected via SCP. If you use a vulnerable version of OpenSSH's scp, PuTTY's PSCP, or WinSCP, to securely transfer files from a remote server, that server may be able to secretly tamper with files on your local box that you do not expect the server to change.
[...] Sintonen explained that because rcp, on which scp is based, allows a server to control which files are sent, and without the scp client thoroughly checking it's getting its expected objects, an attacker can do things like overwrite the user's .bash_aliases file. This, in turn, would allow the attacker to run arbitrary commands on the victim's box when the user does routine stuff, like list a directory.
"Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based," Sintonen explained in his disclosure this month.
"A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output."
The CVE (Common Vulnerabilities and Exposures) reports are:
Only WinSCP seems to have released an update that fixes these.
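The missing check described in the summary, sketched as an added example (not code from the article, the advisory, or any scp client): it compares the names in the control records a server sends (`C<mode> <size> <name>` for files, `D<mode> 0 <name>` for directories, `E` to close a directory) with the path the client asked for. The function names, the simplified record handling and the sample records are assumptions made for illustration.

```python
import fnmatch
import posixpath

class ScpNameError(ValueError):
    """A control record named an object the client did not ask for."""

def parse_record(line):
    """Split a 'C' (file) or 'D' (directory) control line into its fields."""
    kind = line[:1]
    if kind not in ("C", "D"):
        raise ScpNameError(f"unexpected record type: {line!r}")
    try:
        mode_s, size_s, name = line[1:].rstrip("\n").split(" ", 2)
        return kind, int(mode_s, 8), int(size_s), name
    except ValueError:
        raise ScpNameError(f"malformed record: {line!r}") from None

def validate_stream(remote_path, lines, recursive=False):
    """Return the names accepted from `lines`, or raise ScpNameError."""
    pattern = posixpath.basename(remote_path.rstrip("/"))
    depth, accepted = 0, []
    for line in lines:
        if line.startswith("T"):            # timestamps, no name to check
            continue
        if line.startswith("E"):            # end of a directory
            if depth == 0:
                raise ScpNameError("unbalanced E record")
            depth -= 1
            continue
        kind, _mode, _size, name = parse_record(line)
        # "" or "." would address the target directory itself; ".." or a separator escapes it.
        if name in ("", ".", "..") or "/" in name or "\\" in name:
            raise ScpNameError(f"not a single path component: {name!r}")
        if kind == "D" and not recursive:
            raise ScpNameError(f"directory sent for a plain copy: {name!r}")
        # Only top-level objects are compared with what was requested.
        if depth == 0 and not fnmatch.fnmatchcase(name, pattern):
            raise ScpNameError(f"got {name!r}, asked for {pattern!r}")
        accepted.append(name)
        if kind == "D":
            depth += 1
    return accepted

# Constructed sample: replies to a request for docs/readme.txt.
HONEST = ["T1547600000 0 1547600000 0\n", "C0644 12 readme.txt\n"]
EXTRA = ["C0644 12 readme.txt\n", "C0644 40 .bash_aliases\n"]

if __name__ == "__main__":
    print(validate_stream("docs/readme.txt", HONEST))  # EXTRA raises ScpNameError
```

A wildcard request such as `*` still matches any name under this check, so a pattern match narrows what a server can send rather than pinning it to one file.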
(Score: 3, Funny) by bzipitidoo on Wednesday January 16 2019, @02:51AM (3 children)
1. Go back to ftp, encrypting the files with gpg before transmitting them.
2. Run scp in a sandbox such as a virtual machine.
3. Harden the destination system with Access Control Lists like in SELinux so scp can't maliciously overwrite important files.
Anyway, wow, a security hole that's been present for 36 years. Is that a record? Blows away Spectre and Meltdown. I mean, those have only been around for about 20 years.
I wonder if at some point it'd be worth doing a total reboot. Build a new OS, tool chain, and utilities from scratch. Could write the whole thing in a more modern language than C.
Meantime, what's next? A security hole in a Fortran mathematical library written in the 1960s that's a dependency for the Vulkan API that our current 3d accelerated graphics uses?
(Score: 2) by pkrasimirov on Wednesday January 16 2019, @09:35AM
> a Fortran mathematical library written in the 1960s that's a dependency for the Vulkan API that our current 3d accelerated graphics uses?
Baah, you got me there! :D
(Score: 0) by Anonymous Coward on Wednesday January 16 2019, @05:34PM (1 child)
In Rust, obviously. I would like to try an OS made to be secure from the beginning.
(Score: 2) by Apparition on Wednesday January 16 2019, @11:16PM
Have you looked at Redox OS [redox-os.org]? It's a UNIX-like microkernel OS largely written in Rust.