vulnerability

Oracle Linux: CVE-2018-20685: ELSA-2019-3702: openssh security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity
5
CVSS
(AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published
2018-11-16
Added
2022-10-05
Modified
2024-11-29

Description

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Solution(s)

oracle-linux-upgrade-opensshoracle-linux-upgrade-openssh-askpassoracle-linux-upgrade-openssh-cavsoracle-linux-upgrade-openssh-clientsoracle-linux-upgrade-openssh-keycatoracle-linux-upgrade-openssh-ldaporacle-linux-upgrade-openssh-serveroracle-linux-upgrade-pam-ssh-agent-auth
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.