Sep 27, 2020 - 5:44 p.m.

Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management

2020-09-27 17:44:29
www.ibm.com
EPSS: 0.004 (Low), percentile 74.3%

Summary

OpenSSH is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE.

Vulnerability Details

**CVEID:** CVE-2020-15778
**DESCRIPTION:** OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. By opening a specially crafted file containing backtick characters in the destination argument, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185805 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Netezza Host Management | All Host Management versions starting 5.3.5.1 |

Remediation/Fixes

None

Workarounds and Mitigations

scp is based on a historical protocol called rcp, which relies on that style of argument passing and therefore encounters expansion problems.
To mitigate CVE-2020-15778, we suggest the methods below for copying files and directories between two servers.

  • To copy a file from local host to remote host:

cd file_dir_path
tar zcf - file_name | ssh user@remote_host 'tar zxf - -C remote_dir_path'

file_dir_path : path to the directory where the file ‘file_name’ exists
file_name : name of the file that needs to be copied
remote_dir_path : destination path in the remote host where file_name has to be pasted

Example:
[root@nzhost ~]# ll local_dir/simple.txt
-rw-r--r-- 1 root root 6 Sep 23 08:45 local_dir/simple.txt
[root@nzhost ~]# cd local_dir
[root@nzhost local_dir]# tar zcf - simple.txt | ssh root@ha2 'tar zxf - -C /root/remote_dir'

  • To copy a file from remote host to local host:

ssh root@remote_host 'cd /file_dir_path ; tar zcf - file_name' | tar zxf - -C local_dir_path

file_dir_path : path to the directory in the remote host where file_name exists
local_dir_path : path in the local host where file ‘file_name’ has to be pasted

Example:
[root@nzhost ~]# ssh root@ha2 'cd /root/remote_dir; tar zcf - pullme.txt' | tar zxf - -C /root/local_dir

  • To copy a local directory and its contents from local host to remote host:

cd dir_containing_local_dir
tar zcf - local_dir | ssh user@remote_host 'tar zxf - -C remote_dir_path'

dir_containing_local_dir : path to the directory that contains local_dir
local_dir : directory that needs to be copied
remote_dir_path : destination path in the remote host where local_dir has to be pasted

Example:
[root@nzhost /]# ll -d /root/local_dir/
drwxr-xr-x 4 root root 4096 Sep 25 03:00 /root/local_dir/
[root@nzhost /]# cd /root;
[root@nzhost ~]# tar zcf - local_dir | ssh root@ha2 'tar zxf - -C /root/remote_dir'

  • To copy a remote directory and its contents from remote host to local host:

ssh root@remote_host 'cd /dir_containing_remote_dir; tar zcf - remote_dir' | tar zxf - -C local_dir_path

dir_containing_remote_dir : path to the directory in the remote host that contains remote_dir
remote_dir : directory that needs to be copied
local_dir_path : path in the local host where remote_dir has to be pasted

Example:
[root@nzhost ~]# ssh root@ha2 'cd /root; tar zcf - remote_dir' | tar zxf - -C /root/local_dir
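
The commands above still hand a command string to the login shell on the remote host, so a path that comes from a variable needs quoting for that shell too. The wrapper below is an added example, not part of the IBM bulletin; the function names (`shquote`, `remote_extract_cmd`, `remote_pack_cmd`, `push_file`, `pull_file`) are hypothetical, and it assumes a POSIX-compatible login shell on the remote host.

```shell
#!/bin/sh
# Added example, not part of the IBM bulletin. Function names are hypothetical.
# ssh passes its command string to the login shell on remote_host, so a path
# taken from a variable must be quoted for that shell as well as the local one.

# Quote one value for a POSIX shell: wrap it in single quotes and rewrite
# every embedded ' as '\'' so backticks, $(), spaces and ; stay literal.
# Limitation: trailing newlines in the value are dropped by $( ).
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Remote half of the local-to-remote copy: tar zxf - -C remote_dir_path
remote_extract_cmd() {          # $1 = remote_dir_path
    printf 'tar zxf - -C %s' "$(shquote "$1")"
}

# Remote half of the remote-to-local copy. Uses && instead of the bulletin's ;
# so tar does not run from the wrong directory when cd fails.
remote_pack_cmd() {             # $1 = file_dir_path, $2 = file_name
    printf 'cd %s && tar zcf - %s' "$(shquote "$1")" "$(shquote "$2")"
}

# push_file file_dir_path file_name user@remote_host remote_dir_path
push_file() {
    ( cd "$1" && tar zcf - "$2" ) | ssh "$3" "$(remote_extract_cmd "$4")"
}

# pull_file user@remote_host file_dir_path file_name local_dir_path
pull_file() {
    ssh "$1" "$(remote_pack_cmd "$2" "$3")" | tar zxf - -C "$4"
}

# Constructed sample path: print the command string ssh would send.
remote_extract_cmd '/root/remote_dir/a`b`c'
echo
```

For fixed paths typed by hand, the single-quoted commands in the bulletin are already sufficient; the quoting helper matters when any path or file name is filled in by a script.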

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm puredata system | eq | any |