Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20685

Опубликовано: 16 нояб. 2018
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Отчет

This issue affects the scp client shipped with openssh. The SSH protocol or the SSH client is not affected. For more detailed analysis please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1665785#c4

Меры по смягчению последствий

This issue only affects the users of scp binary which is a part of openssh-clients package. Other usage of SSH protocol or other ssh clients is not affected. Administrators can uninstall openssh-clients for additional protection against accidental usage of this binary. Removing the openssh-clients package will make binaries like scp and ssh etc unavailable on that system. Note: To exploit this flaw, the victim needs to connect to a malicious SSH server or MITM (Man-in-the-middle) the scp connection, both of which can be detected by the system administrator via a change in the host key of the SSH server. Further, if connections via scp are made to only trusted SSH servers, then those use-cases are not vulnerable to this security flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensshOut of support scope
Red Hat Enterprise Linux 6opensshOut of support scope
Red Hat Enterprise Linux 7opensshWill not fix
Red Hat Enterprise Linux 8opensshFixedRHSA-2019:370205.11.2019
Red Hat Enterprise Linux 8opensshFixedRHSA-2019:370205.11.2019

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1665785openssh: scp client improper directory name validation

EPSS

Процентиль: 87%
0.03249
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.3
ubuntu
больше 6 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS3: 5.3
nvd
больше 6 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS3: 5.3
debian
больше 6 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...

CVSS3: 5.3
github
больше 3 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS3: 5.3
fstec
почти 7 лет назад

Уязвимость средства криптографической защиты OpenSSH, вызваная ошибками при проверке имени каталога scp.c в клиенте scp, позволяющая нарушителю изменить права доступа к целевому каталогу

EPSS

Процентиль: 87%
0.03249
Низкий

5.3 Medium

CVSS3