In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
2019-01-10T21:29:00.377
2024-11-21T04:01:59.800
Modified
CVSSv3.1: 5.3 (MEDIUM)
AV:N/AC:H/Au:N/C:N/I:P/A:N
4.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openbsd | openssh | ≤ 7.9 | Yes |
| Application | winscp | winscp | ≤ 5.13 | Yes |
| Application | netapp | cloud_backup | - | Yes |
| Application | netapp | element_software | - | Yes |
| Application | netapp | ontap_select_deploy | - | Yes |
| Application | netapp | steelstore_cloud_integrated_storage | - | Yes |
| Application | netapp | storage_automation_store | - | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Operating System | canonical | ubuntu_linux | 18.10 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.1 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.6 | Yes |
| Operating System | oracle | solaris | 10 | Yes |
| Operating System | fujitsu | m10-1_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m10-1 | - | No |
| Operating System | fujitsu | m10-4_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m10-4 | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m12-1_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m12-1 | - | No |
| Operating System | fujitsu | m12-2_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m12-2 | - | No |
| Operating System | fujitsu | m12-2s_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m12-2s | - | No |
| Operating System | fujitsu | m10-1_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-1 | - | No |
| Operating System | fujitsu | m10-4_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-4 | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m12-1_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m12-1 | - | No |
| Operating System | fujitsu | m12-2_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m12-2 | - | No |
| Operating System | fujitsu | m12-2s_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m12-2s | - | No |
| Operating System | siemens | scalance_x204rna_firmware | < 3.2.7 | Yes |
| Hardware | siemens | scalance_x204rna | - | No |
| Operating System | siemens | scalance_x204rna_eec_firmware | < 3.2.7 | Yes |
| Hardware | siemens | scalance_x204rna_eec | - | No |