vulnerability
Oracle Linux: CVE-2018-20685: ELSA-2019-3702: openssh security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:H/Au:N/C:C/I:N/A:N) | 2018-11-16 | 2022-10-05 | 2024-11-29 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published
2018-11-16
Added
2022-10-05
Modified
2024-11-29
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Solution(s)
oracle-linux-upgrade-opensshoracle-linux-upgrade-openssh-askpassoracle-linux-upgrade-openssh-cavsoracle-linux-upgrade-openssh-clientsoracle-linux-upgrade-openssh-keycatoracle-linux-upgrade-openssh-ldaporacle-linux-upgrade-openssh-serveroracle-linux-upgrade-pam-ssh-agent-auth

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.