CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Published: 2019-01-10 21:29
Updated: 2019-04-25 12:55

CVSS Score: 2.6 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Oracle | Solaris | 10 | cpe:/o:oracle:solaris:10 |
| Redhat | Enterprise Linux | 7.0 | cpe:/o:redhat:enterprise_linux:7.0 |
| Openbsd | Openssh | 7.9 | cpe:/a:openbsd:openssh:7.9 |
| Netapp | Cloud Backup | - | cpe:/a:netapp:cloud_backup:- |
| Netapp | Element Software | - | cpe:/a:netapp:element_software:- |
| Netapp | Ontap Select Deploy | - | cpe:/a:netapp:ontap_select_deploy:- |
| Netapp | Steelstore Cloud Integrated Storage | - | cpe:/a:netapp:steelstore_cloud_integrated_storage:- |
| Netapp | Storage Automation Store | - | cpe:/a:netapp:storage_automation_store:- |
| Winscp | Winscp | 5.13 | cpe:/a:winscp:winscp:5.13 |
| Canonical | Ubuntu Linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ |
| Canonical | Ubuntu Linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ |
| Canonical | Ubuntu Linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~ |
| Canonical | Ubuntu Linux | 18.10 | cpe:/o:canonical:ubuntu_linux:18.10 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |

History of changes

Date Event
2019-04-25 12:55
2019-04-23 19:32
2019-03-25 16:29
2019-03-21 16:00
2019-02-26 21:24
2019-02-16 11:29
2019-02-10 11:29
2019-02-09 11:29
2019-01-31 18:29
2019-01-29 15:46
2019-01-12 11:29
2019-01-10 21:29 New CVE