Article 471BN An ancient OpenSSH vulnerability

by corbet from LWN.net on (#471BN)
An advisory from Harry Sintonen describes several vulnerabilities in the scp clients shipped with OpenSSH, PuTTY, and others. "Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output." The outcome is that a hostile (or compromised) server can overwrite arbitrary files on the client side. There do not yet appear to be patches available to address these problems.
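The missing client-side verification can be sketched as follows. This is an added example, not code from the advisory, OpenSSH or PuTTY: it validates one scp control record (`C` or `D`, octal mode, size, name) against the name the user requested. The function names, the use of `fnmatch` as a stand-in for the remote shell's glob rules, and the sample records are assumptions made here, and only the top-level record of a transfer is covered.

```python
import fnmatch
import re

# scp control records sent by the server: 'C' = file, 'D' = directory,
# then a 4-digit octal mode, a decimal size and a name,
# for example "C0644 12 notes.txt".
RECORD = re.compile(r"^([CD])([0-7]{4}) (\d+) (.+)$")


class ScpNameError(ValueError):
    """Raised when a server-sent record does not match the request."""


def check_record(line, requested, recursive=False):
    """Validate one control record against what the client asked for.

    `requested` is the last component of the remote path the user typed
    (it may be a glob such as '*.txt'). Returns (kind, mode, size, name).
    """
    m = RECORD.match(line.rstrip("\n"))
    if not m:
        raise ScpNameError("malformed control record")
    kind, name = m.group(1), m.group(4)
    mode, size = int(m.group(2), 8), int(m.group(3))
    # A name must be a single path component. "." and ".." would address
    # the target directory itself (and its attributes) or its parent.
    if "/" in name or name in (".", ".."):
        raise ScpNameError(f"unsafe name {name!r}")
    # Control characters in a name can rewrite what the terminal shows.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ScpNameError("control character in name")
    if kind == "D" and not recursive:
        raise ScpNameError("directory sent for a non-recursive copy")
    # The returned object must be one the user actually asked for.
    # Assumption: fnmatch approximates the server-side glob expansion.
    if not fnmatch.fnmatchcase(name, requested):
        raise ScpNameError(f"{name!r} does not match request {requested!r}")
    return kind, mode, size, name


def accepts(line, requested, recursive=False):
    """Boolean wrapper around check_record for quick checks."""
    try:
        check_record(line, requested, recursive)
        return True
    except ScpNameError:
        return False
```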