PT-2018-2486 · OpenSSH +6

Harry Sintonen · Published 2018-10-16 · Updated 2025-12-17 · CVE-2018-20685

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

OpenSSH version 7.9

Description

The issue is caused by errors in checking the directory name in the scp.c file in the scp client. This allows a remote attacker to modify the access permissions of the target directory by using a filename of "." or an empty filename. The impact is that the permissions of the target directory on the client side can be modified.

Recommendations

For OpenSSH version 7.9, consider disabling the scp function until a patch is available to prevent remote SSH servers from bypassing intended access restrictions. Restrict access to the scp client to minimize the risk of exploitation. Avoid using the filename parameter with "." or empty values in the affected scp client until the issue is resolved.

Fix

Weakness Enumeration

Incorrect Authorization
Improper Access Control

Related Identifiers

ALT-PU-2018-2598
ALT-PU-2022-2113
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4252
ALT-PU-2024-4467
ALT-PU-2024-7377
ALT-PU-2024-9513
BDU:2019-00773
CESA-2019_3702
CVE-2018-20685
DLA-1728-1
DSA-4387-1
MGASA-2019-0067
OPENSUSE-SU-2019:0091-1
OPENSUSE-SU-2019_0091-1
OPENSUSE-SU-2019_0093-1
OPENSUSE-SU-2024:11124-1
PAN-SA-2020-0002
RHSA-2019:3702
RHSA-2019_3702
ROSA-SA-2025-2551
SUSE-SU-2019:0125-1
SUSE-SU-2019:0125-2
SUSE-SU-2019:0126-1
SUSE-SU-2019:0132-1
SUSE-SU-2019:13931-1
SUSE-SU-2019_0125-1
SUSE-SU-2019_0125-2
SUSE-SU-2019_0126-1
SUSE-SU-2019_0132-1
SUSE-SU-2019_13931-1
USN-3885-1

Affected Products

Alt Linux
CentOS
IBM AIX
OpenSSH
Red Hat
SUSE
Ubuntu