diff options
author | Jason Unovitch <junovitch@FreeBSD.org> | 2016-03-08 01:09:24 +0000 |
---|---|---|
committer | Jason Unovitch <junovitch@FreeBSD.org> | 2016-03-08 01:09:24 +0000 |
commit | 6ed4f1b94aadb3912f752225223700551576ad3d (patch) | |
tree | b61957b24167c6adc07493adb4a9498792fa1d40 /security/vuxml | |
parent | 02139382dd8b75c67070f7bf614b1be1d4540aa1 (diff) | |
download | ports-6ed4f1b94aadb3912f752225223700551576ad3d.tar.gz ports-6ed4f1b94aadb3912f752225223700551576ad3d.zip |
Notes
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c548f590d8de..4d885b2ff031 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -112,7 +112,10 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>Simon G. Tatham reports:</p> <blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html"> - <p>Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol.</p> + <p>Many versions of PSCP prior to 0.67 have a stack corruption + vulnerability in their treatment of the 'sink' direction (i.e. + downloading from server to client) of the old-style SCP protocol. + </p> <p>In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file.[...] you can work around it in a vulnerable PSCP by using the -sftp |