BID:106531

OpenSSH CVE-2018-20685 Access Bypass Vulnerability

CVE-2018-20685 |

Info

OpenSSH CVE-2018-20685 Access Bypass Vulnerability

Bugtraq ID:	106531
Class:	Access Validation Error
CVE:	CVE-2018-20685
Remote:	Yes
Local:	No
Published:	Jan 10 2019 12:00AM
Updated:	Apr 18 2019 12:00PM
Credit:	Harry Sintonen
Vulnerable:	Redhat Enterprise Linux 7 Oracle Solaris 10 OpenSSH OpenSSH 7.9 F5 Traffix SDC 5.1 F5 Traffix SDC 5.0 F5 Traffix SDC 4.4

Not Vulnerable:

Discussion

OpenSSH CVE-2018-20685 Access Bypass Vulnerability

OpenSSH is prone to an access-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

OpenSSH version 7.9 is vulnerable.

Exploit / POC

OpenSSH CVE-2018-20685 Access Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

OpenSSH CVE-2018-20685 Access Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

OpenSSH CVE-2018-20685 Access Bypass Vulnerability

References:

OpenSSH Home Page (OpenBSD)
upstream: disallow empty incoming filename or ones that refer to the (Github)
Bug 1665785 CVE-2018-20685 openssh: scp client improper directory name validatio (Redhat)
CVE-2018-20685 (Redhat)
Diff for /src/usr.bin/ssh/scp.c between version 1.197 and 1.198 ()
K11315080: OpenSSH vulnerability CVE-2018-20685 (F5)
Oracle Critical Patch Update Advisory - April 2019 (Oracle)