File Overwrite Vulnerability in OpenSSH 8.2 Scp Client
CVE-2020-12062

7.5HIGH

Key Information:

Vendor
OpenBSD
Status
Openssh
Vendor
CVE Published:
1 June 2020

Summary

The scp client in OpenSSH 8.2 exhibits a vulnerability that allows a malicious unprivileged user on a remote server to overwrite files in the client's download directory. This occurs due to the improper handling of responses during the utimes system call. If a victim employs the 'scp -rp' command to download a file hierarchy and the hierarchy contains a crafted subdirectory created by the attacker, this can lead to unintended file manipulation. Although the vendor notes that this exploit requires the attacker to have certain permissions under the scp protocol, it still poses a potential risk to users.

References

https://www.openwall.com/lists/oss-security/2020/05/27/1
x_refsource_MISC
https://www.openssh.com/txt/release-8.3
x_refsource_MISC
https://github.com/openssh/openssh-portable/commit/955854...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.