libssh SCP Path Traversal Vulnerability Allowing File Overwrite

Vulnerability

A path traversal vulnerability has been identified in libssh's SCP implementation. A malicious SCP server can send unexpected file paths that cause the client application to overwrite local files outside of the designated working directory. This vulnerability could be exploited to create malicious executable or configuration files, which a user might inadvertently execute under certain conditions. This issue mirrors a similar vulnerability in OpenSSH, referenced as CVE-2019-6111.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution by allowing the creation or modification of executable files or critical configuration files that the user might execute, intentionally or unintentionally.

Remediation

Users are advised not to use SCP, as it has been deprecated and will be removed in future releases. If SCP must be used, the application should validate the paths received from SCP servers to ensure they match the requested paths. This vulnerability has been addressed in libssh versions 0.12.0 and 0.11.4.
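As an added illustration of the client-side check the remediation describes (this is example code, not libssh's own implementation; the function and enum names are hypothetical, and the sample records are constructed), the following C program parses an SCP file control record of the form "Cmmmm size name" and accepts the name only when it is a plain file name equal to the one the client asked for. Anything containing a directory separator, a "." or ".." entry, an empty name, or a name other than the requested one is rejected before any local file is opened.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result of validating one server-supplied SCP name (hypothetical enum). */
typedef enum {
    SCP_NAME_OK = 0,
    SCP_RECORD_MALFORMED,    /* control record did not parse */
    SCP_NAME_EMPTY,          /* zero-length name */
    SCP_NAME_HAS_SEPARATOR,  /* contains '/', so it would leave the target directory */
    SCP_NAME_DOT,            /* "." or ".." */
    SCP_NAME_MISMATCH        /* a real name, but not the file that was requested */
} scp_name_status;

/* Parse a 'C' (file) control record of the SCP wire protocol, e.g.
 * "C0644 12 notes.txt\n": 'C', four octal mode digits, a space, the
 * decimal size, a space, then the name up to end of line.
 * Copies the name into name_out. Returns false on a malformed record.
 * Hypothetical helper, not libssh's parser. */
static bool scp_parse_c_record(const char *line, unsigned long *size_out,
                               char *name_out, size_t cap)
{
    const char *p = line;
    if (*p++ != 'C')
        return false;
    for (int i = 0; i < 4; i++) {           /* mode, e.g. 0644 */
        if (*p < '0' || *p > '7')
            return false;
        p++;
    }
    if (*p++ != ' ')
        return false;
    char *end;
    unsigned long size = strtoul(p, &end, 10);
    if (end == p || *end != ' ')
        return false;
    p = end + 1;
    size_t len = strcspn(p, "\n");          /* name runs to end of line */
    if (len >= cap)
        return false;
    memcpy(name_out, p, len);
    name_out[len] = '\0';
    *size_out = size;
    return true;
}

/* Accept the name only if it is a plain file name that matches the request:
 * no directory components, not "." or "..", and equal to what we asked for. */
static scp_name_status scp_check_name(const char *requested, const char *received)
{
    if (received[0] == '\0')
        return SCP_NAME_EMPTY;
    if (strchr(received, '/') != NULL)
        return SCP_NAME_HAS_SEPARATOR;
    if (strcmp(received, ".") == 0 || strcmp(received, "..") == 0)
        return SCP_NAME_DOT;
    if (strcmp(requested, received) != 0)
        return SCP_NAME_MISMATCH;
    return SCP_NAME_OK;
}

/* One-call form: parse the record, then validate the name it carries. */
scp_name_status scp_check_record(const char *line, const char *requested)
{
    char name[256];
    unsigned long size;
    if (!scp_parse_c_record(line, &size, name, sizeof name))
        return SCP_RECORD_MALFORMED;
    return scp_check_name(requested, name);
}

int main(void)
{
    /* Constructed sample records, as a server might send after "scp host:notes.txt ." */
    const char *requested = "notes.txt";
    const char *records[] = {
        "C0644 12 notes.txt\n",    /* honest server: accepted */
        "C0644 30 ../.bashrc\n",   /* traversal attempt: rejected */
        "C0644 30 .bashrc\n",      /* different file in cwd: rejected */
        "C0644 0 ..\n",            /* dot entry: rejected */
        "D0755 0 dir\n",           /* not a 'C' record: rejected */
    };
    for (size_t i = 0; i < sizeof records / sizeof records[0]; i++) {
        scp_name_status st = scp_check_record(records[i], requested);
        printf("%.*s -> %s (status %d)\n", (int)strcspn(records[i], "\n"),
               records[i], st == SCP_NAME_OK ? "write" : "reject", (int)st);
    }
    return 0;
}
```

The check is deliberately strict: rather than trying to normalise a path the server sent, it only ever opens the local file the user named, so a server that answers with a different name gets nothing written at all. A client that downloads a whole directory tree would apply the same per-component rule to every 'C' and 'D' record it receives.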

Added: Mar 26, 2026, 9:49 PM
Updated: Mar 26, 2026, 9:49 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 3.3
exploitability: 6.2
remediation: 7.9
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.