Full title: OpenSSH On Cygwin SFTP Client Directory Traversal Vulnerability
Category: local exploits
Platform: linux

Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names "." and ".." (in download_dir_internal()). On Windows, including in Cygwin, backslashes can also be used for directory traversal.
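The filtering gap described above, as an added example that is not OpenSSH's own code: a name check that refuses only "/", "." and ".." next to one that also treats "\" as a path separator. The function names and the sample listing are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the filtering the advisory describes
 * ('/' rejected, "." and ".." rejected, nothing else). */
static int name_ok_slash_only(const char *name)
{
    if (strchr(name, '/') != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Hypothetical hardened helper for Windows/Cygwin hosts: a server-supplied
 * entry name must be a single path component, so '\\' is refused as well. */
static int name_ok_both_separators(const char *name)
{
    if (name[0] == '\0' || strpbrk(name, "/\\") != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Constructed directory listing, as a remote server might return it. */
static const char *const sample_names[] = {
    "report.txt", ".", "..", "sub/file.txt", "..\\outside.txt", "a\\b.txt",
};
#define N_SAMPLES (sizeof(sample_names) / sizeof(sample_names[0]))

/* Count how many sample names a given check lets through. */
static int count_accepted(int (*check)(const char *))
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += check(sample_names[i]) ? 1 : 0;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-18s slash-only=%d both=%d\n", sample_names[i],
               name_ok_slash_only(sample_names[i]),
               name_ok_both_separators(sample_names[i]));
    printf("accepted: slash-only=%d both=%d\n",
           count_accepted(name_ok_slash_only),
           count_accepted(name_ok_both_separators));
    return 0;
}
```

On a POSIX host a backslash is an ordinary filename character, so the stricter check belongs only in builds where the platform treats it as a separator.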