Incorrect Authorization in openssh

Do your applications use this vulnerable package? Test your applications

Overview

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

References

CVE Details
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
GENTOO
Gentoo Security Advisory
GitHub Commit
MISC
MISC
Netapp Security Advisory
Oracle Security Advisory
Oracle Security Advisory
REDHAT
RedHat Bugzilla Bug
Security Focus
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

High
Availability

None

CVE: CVE-2018-20685
CWE: CWE-863
Snyk ID: SNYK-DEBIAN9-OPENSSH-368598
Disclosed: 10 Jan, 2019
Published: 10 Jan, 2019

Incorrect Authorization
Affecting openssh package, versions <1:7.4p1-10+deb9u5

Overview

References

CVSS Score

Incorrect Authorization Affecting openssh package, versions <1:7.4p1-10+deb9u5

Overview

References

Incorrect Authorization
Affecting openssh package, versions <1:7.4p1-10+deb9u5