You are running OpenSSH 1.2.3, or 1.2. This version has directory traversal vulnerability in scp, it allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

Patch and New version are available from SSH/OpenSSH.