A Proof of Concept of the Linux command ‘scp’ client-side vulnerabilities (CVE-2019-6111 + CVE-2019-6110)

SCP is a tool I use pretty much every day, so I was quite surprised to find out it had 2 high-severity vulnerabilities and wanted to learn more about them. I was unable to find any technical information about them online, so by using the SSH ForceCommand directive I terminated the SSH connection so I could view the raw SCP connection using netcat. From this information I was able to reverse engineer the exploit details from the CVE details.

Video Tutorial

Page last updated: 2025-05-09:23:44:23.034
🐾 Copyright (C) Tom Cope 2020 - 2025 | All Rights Reserved 🏳️‍🌈