Malicious servers can now use your PC’s files during SCP slurps

Be aware! A decades-old flaw which is present in the design of the Secure Copy Protocol (SCP) tools can be exploited by malicious servers to alter victims’ files.

Cybersecurity researchers have discovered that five old CVE vulnerabilities can still be abused by malicious servers to overwrite arbitrary files on a computer connected via SCP.
Researchers say that this cyber attack can affect anyone who uses a vulnerable version of OpenSSH’s SCP, PuTTY’s PSCP, or WinSCP, to securely transfer files from a remote server.

The key point here is that a malicious SCP server can alter files on your local device other than the ones you fetched, or change access permissions, or download extra files.

The responsibility for this flaw can be attributed to RCP, on which SCP is based, because it allows a server to control which files are sent, and without the SCP client thoroughly checking it’s getting its expected objects. This allows a hacker’s server to run arbitrary commands on the victim’s device.
Be aware because many SCP clients fail to verify if the objects returned by the SCP server match those it asked for. Researchers say that the most worrying thing isn’t the flaw itself but the fact that this issue exists since 1983.

Thos are the vulnerabilities:
1 CVE-2018-20685 (SCP) which if it is exploited the SCP client allows server to modify permissions of the target directory by using empty (‘D0777 0 \n’) or dot (‘D0777 0 .\n’) directory name.
2 CVE-2019-6111 (SCP) and CVE-2018-20684 (WinSCP); If those tows got used by the hacker’s server to choose which files/directories are sent to the victim.
3 CVE-2019-6109 (SCP and PSCP) is used to manipulate the victim output, for example, the ANSI codes to hide additional files being transferred.
4 CVE-2019-6110 (SCP and PSCP) manages to manipulate the victim’s output like the ANSI codes to hide additional files being transferred.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

The affected versions and CVE numbers:
CVE-2018-20685
CVE-2019-6111
CVE-2018-20684
CVE-2019s-6109
CVE-2019-6110
OpenSSH scp<=7.9
PuTTY PSCP
WinSCP in SCP mode<=5.13

The good news here is that CVE-2018-20685 was already been patched in the newest version of OpenSSH’s. But the bad news is that CVE-2019-6111, CVE-2019-6109, and CVE-2019-6110 remain unpatched in the latest version. If you want to stay safe cybersecurity researchers recommend to configure your systems not to use SCP.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.