Note: This is an archival copy of Security Sun Alert 200867 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000657.1.
Article ID : 1000657.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-06-26
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in scp(1) May Allow Execution of Unintended Commands


Release Phase

Solaris 9 Operating System
Solaris 10 Operating System

Bug Id

Date of Workaround Release

Date of Resolved Release


Due to a security vulnerability in the way the scp(1) command executes helper applications, certain additional unintended commands may be executed at the same time. This may allow a local unprivileged user (or a remote user in the case of shared filesystems) who is able to create files on the system, to execute arbitrary commands with the privileges of a local user, if those files are acted upon by the local user using the scp(1) command.

This issue is also referenced in the following document:

CVE-2006-0225 at

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 114356-12
  • Solaris 10 without patch 123324-03

x86 Platform

  • Solaris 9 without patch 114357-11
  • Solaris 10 without patch 123325-03

Note: Solaris 8 does not include the scp(1) command and is therefore not impacted by this issue.


There are no predictable symptoms that would indicate that this issue has been exploited to execute arbitrary commands.


This issue will only occur if the scp(1) command is executed on files that have specially crafted filenames. Therefore, it may be possible to work around this issue by avoiding the use of the scp(1) command on untrusted filenames, for example, on directories that are writable by untrusted users.


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 114356-12 or later
  • Solaris 10 with patch 123324-03 or later

x86 Platform

  • Solaris 9 with patch 114357-11 or later
  • Solaris 10 with patch 123325-03 or later

Modification History
Date: 21-JUN-2007
  • Updated Contributing Factors and Resolution sections

Date: 27-JUN-2007
  • Updated Contributing Factors and Resolution sections
  • State: Resolved



This solution has no attachment