In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T12:05:17.712Z

Reserved: 2019-01-10T00:00:00

Link: CVE-2018-20685

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-10T21:29:00.377

Modified: 2024-11-21T04:01:59.800

Link: CVE-2018-20685

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-16T00:00:00Z

Links: CVE-2018-20685 - Bugzilla

cve-icon OpenCVE Enrichment

No data.