CVE-2018-20685

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.securityfocus.com/bid/106531 Broken Link
https://access.redhat.com/errata/RHSA-2019:3702 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf Patch Third Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h Patch
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201903-16 Third Party Advisory
https://security.gentoo.org/glsa/202007-53 Third Party Advisory
https://security.netapp.com/advisory/ntap-20190215-0001/ Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Patch Third Party Advisory
https://usn.ubuntu.com/3885-1/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4387 Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch Third Party Advisory
http://www.securityfocus.com/bid/106531 Broken Link
https://access.redhat.com/errata/RHSA-2019:3702 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf Patch Third Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h Patch
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Patch
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201903-16 Third Party Advisory
https://security.gentoo.org/glsa/202007-53 Third Party Advisory
https://security.netapp.com/advisory/ntap-20190215-0001/ Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Patch Third Party Advisory
https://usn.ubuntu.com/3885-1/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4387 Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:01

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/106531 - Broken Link () http://www.securityfocus.com/bid/106531 - Broken Link
References () https://access.redhat.com/errata/RHSA-2019:3702 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2019:3702 - Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - Patch, Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - Patch, Third Party Advisory
References () https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h - Patch () https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h - Patch
References () https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 - Patch () https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 - Patch
References () https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html - Mailing List, Third Party Advisory
References () https://security.gentoo.org/glsa/201903-16 - Third Party Advisory () https://security.gentoo.org/glsa/201903-16 - Third Party Advisory
References () https://security.gentoo.org/glsa/202007-53 - Third Party Advisory () https://security.gentoo.org/glsa/202007-53 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20190215-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20190215-0001/ - Third Party Advisory
References () https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt - Patch, Third Party Advisory () https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt - Patch, Third Party Advisory
References () https://usn.ubuntu.com/3885-1/ - Third Party Advisory () https://usn.ubuntu.com/3885-1/ - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4387 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4387 - Third Party Advisory
References () https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory () https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory
References () https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory () https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory
Information

Published : 2019-01-10 21:29

Updated : 2024-11-21 04:01

NVD link : CVE-2018-20685

Mitre link : CVE-2018-20685

CVE.ORG link : CVE-2018-20685

JSON object : View

Products Affected

debian

  • debian_linux

oracle

  • solaris

redhat

  • enterprise_linux_server_tus
  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux

netapp

  • element_software
  • cloud_backup
  • storage_automation_store
  • ontap_select_deploy
  • steelstore_cloud_integrated_storage

fujitsu

  • m10-4s_firmware
  • m10-4_firmware
  • m12-2s
  • m12-2s_firmware
  • m12-1_firmware
  • m10-4
  • m10-4s
  • m12-2
  • m10-1
  • m12-2_firmware
  • m12-1
  • m10-1_firmware

openbsd

  • openssh

canonical

  • ubuntu_linux

siemens

  • scalance_x204rna
  • scalance_x204rna_eec
  • scalance_x204rna_firmware
  • scalance_x204rna_eec_firmware

winscp

  • winscp
CWE
CWE-863

Incorrect Authorization