6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.007 Low
EPSS
Percentile
79.8%
Severity: High
Date : 2019-04-24
CVE-ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111
Package : openssh
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-951
The package openssh before version 8.0p1-1 is vulnerable to multiple
issues including insufficient validation, arbitrary file overwrite and
content spoofing.
Upgrade to 8.0p1-1.
The problems have been fixed upstream in version 8.0p1.
None.
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to
bypass intended access restrictions via the filename of . or an empty
filename.
An issue was discovered in OpenSSH 7.9. Due to missing character
encoding in the progress display, a malicious server (or Man-in-The-
Middle attacker) can employ crafted object names to manipulate the
client output, e.g., by using ANSI control codes to hide additional
files being transferred. This affects refresh_progress_meter() in
progressmeter.c.
An issue was discovered in OpenSSH 7.9. Due to the scp implementation
being derived from 1983 rcp, the server chooses which files/directories
are sent to the client. However, the scp client only performs cursory
validation of the object name returned (only directory traversal
attacks are prevented). A malicious scp server (or Man-in-The-Middle
attacker) can overwrite arbitrary files in the scp client target
directory. If recursive operation (-r) is performed, the server can
manipulate subdirectories as well (for example, to overwrite the
.ssh/authorized_keys file).
A malicious SCP server can overwrite arbitrary files in the scp client
target directory.
https://www.openssh.com/txt/release-8.0
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
https://security.archlinux.org/CVE-2018-20685
https://security.archlinux.org/CVE-2019-6109
https://security.archlinux.org/CVE-2019-6111
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
security.archlinux.org/AVG-951
security.archlinux.org/CVE-2018-20685
security.archlinux.org/CVE-2019-6109
security.archlinux.org/CVE-2019-6111
sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
www.openssh.com/txt/release-8.0
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.007 Low
EPSS
Percentile
79.8%