CVE-2018-20685
Published: 10 January 2019
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Notes
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
mdeslaur | The recommended workaround for this issue is to switch to using sftp instead of scp. |
Priority
Status
Package | Release | Status |
---|---|---|
openssh-ssh1 Launchpad, Ubuntu, Debian |
groovy |
Ignored
(end of life)
|
hirsute |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
bionic |
Needs triage
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(frozen on openssh 7.5p)
|
|
xenial |
Does not exist
|
|
openssh Launchpad, Ubuntu, Debian |
hirsute |
Released
(1:7.9p1-5)
|
jammy |
Released
(1:7.9p1-5)
|
|
kinetic |
Released
(1:7.9p1-5)
|
|
bionic |
Released
(1:7.6p1-4ubuntu0.2)
|
|
cosmic |
Released
(1:7.7p1-4ubuntu0.2)
|
|
disco |
Released
(1:7.9p1-5)
|
|
eoan |
Released
(1:7.9p1-5)
|
|
focal |
Released
(1:7.9p1-5)
|
|
groovy |
Released
(1:7.9p1-5)
|
|
impish |
Released
(1:7.9p1-5)
|
|
lunar |
Released
(1:7.9p1-5)
|
|
trusty |
Released
(1:6.6p1-2ubuntu2.12)
|
|
upstream |
Released
(1:7.9p1-5)
|
|
xenial |
Released
(1:7.2p2-4ubuntu2.7)
|
|
Patches: upstream: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 upstream: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |