CVE-2020-12062

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-12062

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12062.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-12062

Related

UBUNTU-CVE-2020-12062

Withdrawn

2020-06-01T20:02:41Z

Published

2020-06-01T16:15:14Z

Modified

2025-01-15T01:42:20.096595Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.

References

Affected packages

Debian:11 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.3p1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.3p1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.3p1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/openssh/openssh-portable

Affected ranges

Type: GIT
Repo: https://github.com/openssh/openssh-portable
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

955854cafca88e0cdcd3d09ca1ad4ada465364a1

Fixed

955854cafca88e0cdcd3d09ca1ad4ada465364a1

Fixed

aad87b88fc2536b1ea023213729aaf4eaabe1894

Fixed

aad87b88fc2536b1ea023213729aaf4eaabe1894

Affected versions

Other

ABOUT_TO_ADD_INET_ATON

AFTER_FREEBSD_PAM_MERGE

AFTER_KRB5_GSSAPI_MERGE

BEFORE_FREEBSD_PAM_MERGE

BEFORE_KRB5_GSSAPI_MERGE

POST_KRB4_REMOVAL

PRE-REORDER

PRE_CYGWIN_MERGE

PRE_DAN_PATCH_MERGE

PRE_FIXPATHS_INTEGRATION

PRE_HPUX_INTEGRATION

PRE_IPV6

PRE_KRB4_REMOVAL

PRE_NEW_LOGIN_CODE

PRE_SW_KRBV

V_1_2PRE17

V_1_2_1_PRE18

V_1_2_1_PRE19

V_1_2_1_PRE20

V_1_2_1_PRE21

V_1_2_1_PRE22

V_1_2_1_PRE23

V_1_2_1_PRE24

V_1_2_1_PRE25

V_1_2_1_PRE26

V_1_2_1_PRE27

V_1_2_2

V_1_2_2_P1

V_1_2_2_PRE28

V_1_2_2_PRE29

V_1_2_3

V_1_2_3_PRE1

V_1_2_3_PRE2

V_1_2_3_PRE3

V_1_2_3_PRE4

V_1_2_3_PRE5

V_1_2_3_TEST1

V_1_2_3_TEST2

V_1_2_3_TEST3

V_1_2_PRE10

V_1_2_PRE11

V_1_2_PRE12

V_1_2_PRE13

V_1_2_PRE14

V_1_2_PRE15

V_1_2_PRE16

V_1_2_PRE4

V_1_2_PRE5

V_1_2_PRE6

V_1_2_PRE7

V_1_2_PRE8

V_1_2_PRE9

V_2_0_0_BETA1

V_2_0_0_BETA2

V_2_0_0_TEST1

V_2_1_0

V_2_1_0_P1

V_2_1_0_P2

V_2_1_0_P3

V_2_1_1_P1

V_2_1_1_P2

V_2_1_1_P3

V_2_1_1_P4

V_2_2_0_P1

V_2_3_0_P1

V_2_5_0_P1

V_2_5_1_P1

V_2_5_1_P2

V_2_5_2_P1

V_3_0_1_P1

V_3_0_P1

V_3_1_P1

V_3_2_2_P1

V_3_4_P1

V_3_6_1_P1

V_3_8_P1

V_3_9_P1

V_4_2_P1

V_5_0_P1

V_5_1_P1

V_5_2_P1

V_5_5_P1

V_5_7_P1

V_6_0_P1

V_6_1_P1

V_6_2_P1

V_6_5_P1

V_6_6_P1

V_6_8_P1

V_6_9_P1

V_7_0_P1

V_7_1_P1

V_7_2_P1

V_7_3_P1

V_7_4_P1

V_7_5_P1

V_7_6_P1

V_7_7_P1

V_7_8_P1

V_7_9_P1

V_8_0_P1

V_8_1_P1

V_8_2_P1