CVE-2018-20685

Note

openssh-ssh1 is provided for compatibility with old devices that
cannot be upgraded to modern protocols. Thus we may not provide security
support for this package if doing so would prevent access to equipment.

Package	Release	Status
openssh-ssh1 Launchpad, Ubuntu, Debian	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	jammy	Needs triage
	impish	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	lunar	Needs triage
	trusty	Does not exist
	upstream	Ignored (frozen on openssh 7.5p)
	xenial	Does not exist
openssh Launchpad, Ubuntu, Debian	hirsute	Released (1:7.9p1-5)
	jammy	Released (1:7.9p1-5)
	kinetic	Released (1:7.9p1-5)
	bionic	Released (1:7.6p1-4ubuntu0.2)
	cosmic	Released (1:7.7p1-4ubuntu0.2)
	disco	Released (1:7.9p1-5)
	eoan	Released (1:7.9p1-5)
	focal	Released (1:7.9p1-5)
	groovy	Released (1:7.9p1-5)
	impish	Released (1:7.9p1-5)
	lunar	Released (1:7.9p1-5)
	trusty	Released (1:6.6p1-2ubuntu2.12)
	upstream	Released (1:7.9p1-5)
	xenial	Released (1:7.2p2-4ubuntu2.7)
	Patches: upstream: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 upstream: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h

Parameter	Value
Base score	5.3
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Security

CVE-2018-20685

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading