1121571 – (CVE-2018-20685) VUL-0: CVE-2018-20685: openssh: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions

Bug 1121571 (CVE-2018-20685) - VUL-0: CVE-2018-20685: openssh: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions

Summary: VUL-0: CVE-2018-20685: openssh: scp.c in the scp client allows remote SSH ser...

Status:	RESOLVED FIXED

Alias:	CVE-2018-20685

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Deadline:	2019-02-21
Assignee:	Hans Petter Jansson
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/222633/
Whiteboard:	CVSSv3:SUSE:CVE-2018-20685:7.3:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-01-11 09:58 UTC by Karol Babioch
Modified:	2024-05-24 11:15 UTC (History)
CC List:	8 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2019-01-11 09:58:11 UTC

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass
intended access restrictions via the filename of . or an empty filename.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20685
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h

Comment 1 Karol Babioch 2019-01-11 10:05:55 UTC

The vulnerable code was introduced (and not touched since) with upstream commit bddc2b017, which was on Apr 19 2004. It has been part of each release since 3.9, so basically all of our versions are affected by this.

Comment 15 Swamp Workflow Management 2019-01-18 17:12:09 UTC

SUSE-SU-2019:0125-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssh-6.6p1-54.26.1, openssh-askpass-gnome-6.6p1-54.26.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.26.1, openssh-askpass-gnome-6.6p1-54.26.1

Comment 16 Swamp Workflow Management 2019-01-18 17:15:20 UTC

SUSE-SU-2019:0126-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    openssh-7.6p1-9.13.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    openssh-7.6p1-9.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    openssh-askpass-gnome-7.6p1-9.13.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    openssh-7.6p1-9.13.1

Comment 17 Swamp Workflow Management 2019-01-18 20:09:55 UTC

SUSE-SU-2019:13931-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-36.12.1, openssh-askpass-gnome-6.6p1-36.12.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-36.12.1, openssh-askpass-gnome-6.6p1-36.12.1

Comment 18 Swamp Workflow Management 2019-01-21 14:12:18 UTC

SUSE-SU-2019:0132-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE OpenStack Cloud 7 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP4 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP3 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Enterprise Storage 4 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE CaaS Platform ALL (src):    openssh-7.2p2-74.35.1
SUSE CaaS Platform 3.0 (src):    openssh-7.2p2-74.35.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.35.1

Comment 20 Swamp Workflow Management 2019-01-28 14:09:13 UTC

openSUSE-SU-2019:0091-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
openSUSE Leap 15.0 (src):    openssh-7.6p1-lp150.8.9.1, openssh-askpass-gnome-7.6p1-lp150.8.9.1

Comment 21 Swamp Workflow Management 2019-01-29 14:13:24 UTC

openSUSE-SU-2019:0093-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
openSUSE Leap 42.3 (src):    openssh-7.2p2-29.1, openssh-askpass-gnome-7.2p2-29.1

Comment 24 Swamp Workflow Management 2019-02-14 13:35:32 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2019-02-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64210

Comment 25 Swamp Workflow Management 2019-04-29 10:19:25 UTC

SUSE-SU-2019:0125-2: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssh-6.6p1-54.26.1, openssh-askpass-gnome-6.6p1-54.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Robert Frohl 2021-12-06 08:24:01 UTC

missing for SUSE:SLE-11-SP3:Update/openssh-openssl1

Comment 32 Alexander Bergmann 2024-05-24 11:15:22 UTC

Released. Closing bug.