Name of the Vulnerable Software and Affected Versions:

OpenSSH version 8.2

Description:

The issue arises from the scp client in OpenSSH incorrectly sending duplicate responses to the server upon a utimes system call failure. This allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. It is noted that this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol and utimes does not fail under normal circumstances.

Recommendations:

As a temporary workaround, consider restricting the use of the scp -rp command until a patch is available.

Avoid using the scp client to download file hierarchies from untrusted sources.

Restrict access to the download directory to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.