Search for vulnerabilities
Vulnerability details: VCID-8u7k-7tf2-aaaa
Vulnerability ID VCID-8u7k-7tf2-aaaa
Aliases CVE-2006-0225
Summary scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2006:0044
rhas Low https://access.redhat.com/errata/RHSA-2006:0298
rhas Important https://access.redhat.com/errata/RHSA-2006:0698
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.00192 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.01156 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.01222 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.01222 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
epss 0.01222 https://api.first.org/data/v1/epss?cve=CVE-2006-0225
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=168167
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2006-0225
Reference id Reference type URL
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
http://docs.info.apple.com/article.html?artnum=305214
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0225.json
https://api.first.org/data/v1/epss?cve=CVE-2006-0225
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
http://secunia.com/advisories/18579
http://secunia.com/advisories/18595
http://secunia.com/advisories/18650
http://secunia.com/advisories/18736
http://secunia.com/advisories/18798
http://secunia.com/advisories/18850
http://secunia.com/advisories/18910
http://secunia.com/advisories/18964
http://secunia.com/advisories/18969
http://secunia.com/advisories/18970
http://secunia.com/advisories/19159
http://secunia.com/advisories/20723
http://secunia.com/advisories/21129
http://secunia.com/advisories/21262
http://secunia.com/advisories/21492
http://secunia.com/advisories/21724
http://secunia.com/advisories/22196
http://secunia.com/advisories/23241
http://secunia.com/advisories/23340
http://secunia.com/advisories/23680
http://secunia.com/advisories/24479
http://secunia.com/advisories/25607
http://secunia.com/advisories/25936
http://securityreason.com/securityalert/462
http://securitytracker.com/id?1015540
https://exchange.xforce.ibmcloud.com/vulnerabilities/24305
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
http://www.novell.com/linux/security/advisories/2006_08_openssh.html
http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html
http://www.osvdb.org/22692
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html
http://www.redhat.com/support/errata/RHSA-2006-0044.html
http://www.redhat.com/support/errata/RHSA-2006-0298.html
http://www.redhat.com/support/errata/RHSA-2006-0698.html
http://www.securityfocus.com/archive/1/425397/100/0/threaded
http://www.securityfocus.com/bid/16369
http://www.trustix.org/errata/2006/0004
http://www.ubuntu.com/usn/usn-255-1
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vupen.com/english/advisories/2006/0306
http://www.vupen.com/english/advisories/2006/2490
http://www.vupen.com/english/advisories/2006/4869
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/2120
168167 https://bugzilla.redhat.com/show_bug.cgi?id=168167
349645 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349645
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
CVE-2006-0225 https://nvd.nist.gov/vuln/detail/CVE-2006-0225
GLSA-200602-11 https://security.gentoo.org/glsa/200602-11
RHSA-2006:0044 https://access.redhat.com/errata/RHSA-2006:0044
RHSA-2006:0298 https://access.redhat.com/errata/RHSA-2006:0298
RHSA-2006:0698 https://access.redhat.com/errata/RHSA-2006:0698
USN-255-1 https://usn.ubuntu.com/255-1/
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-0225
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.25632
EPSS Score 0.00105
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.