An ancient OpenSSH vulnerability
Tuesday January 15, 2019. 04:35 PM, from LWN.net
An advisory from Harry Sintonen describes several vulnerabilities in the scp clients shipped with OpenSSH, PuTTY, and others. 'Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.' The outcome is that a hostile (or compromised) server can overwrite arbitrary files on the client side. There do not yet appear to be patches available to address these problems.
https://lwn.net/Articles/776745/rss
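
The missing check described above, sketched as an added example (not code from the advisory, OpenSSH, or PuTTY): before writing anything locally, the client confirms that the file name announced by the server is a single path component matching what the user requested. It assumes the rcp-style file header `C<mode> <size> <name>` and a single requested glob pattern; the function names are hypothetical.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Parse an rcp/scp file header "C<mode> <size> <name>\n" as sent by the
 * server. Returns 0 and fills the outputs, or -1 if the line is malformed. */
static int parse_file_header(const char *line, unsigned *mode,
                             unsigned long long *size, char name[256])
{
    if (line[0] != 'C')
        return -1;   /* not a file header (e.g. a "D" directory record) */
    if (sscanf(line + 1, "%4o %llu %255[^\n]", mode, size, name) != 3)
        return -1;
    return 0;
}

/* Accept a server-announced name only if it is a single path component
 * and matches the pattern the user actually asked for. */
static int name_is_expected(const char *name, const char *requested)
{
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* FNM_PERIOD: a leading dot must be requested explicitly. */
    return fnmatch(requested, name, FNM_PERIOD) == 0;
}

/* 1 = header may be written locally, 0 = reject and abort the transfer. */
int header_is_acceptable(const char *line, const char *requested)
{
    unsigned mode;
    unsigned long long size;
    char name[256];
    if (parse_file_header(line, &mode, &size, name) != 0)
        return 0;
    return name_is_expected(name, requested);
}

int main(void)
{
    /* Constructed sample headers; the user asked for "*.txt". */
    const char *headers[] = { "C0644 12 notes.txt\n",
                              "C0644 40 .bash_aliases\n",
                              "C0644 12 ../notes.txt\n" };
    for (size_t i = 0; i < 3; i++)
        printf("%d %s", header_is_acceptable(headers[i], "*.txt"), headers[i]);
    return 0;
}
```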