#VU28275 Resource management error in OpenSSH


Published: 2020-05-27

Vulnerability identifier: #VU28275

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSH
Server applications / Remote management servers, RDP, SSH

Vendor: OpenSSH

Description

The vulnerability allows a remote attacker to write arbitrary files to the victim's system.

The vulnerability exists due to improper management of scp(1) when receiving files. A remote attacker who controls the filesystem can craft a file system that will transfer different file names and contents to the actual user's filesystem layout when copied with scp(1) in a configuration that causes utimes(2) to fail (e.g. under a SELinux policy or syscall sandbox).

Exploitation of this vulnerability may allow a malicious attacker to overwrite files on the client's system; however, it requires additional conditions to be met, such as utimes(2) failure.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSH: 5.0p1 - 8.2p1
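
An added example (not part of the advisory or of OpenSSH): a POSIX shell check that classifies an OpenSSH version banner, as printed by `ssh -V`, against the range listed above. The function name `classify_openssh_banner` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an OpenSSH version banner with the advisory's
# affected range (5.0p1 - 8.2p1). Names and sample banners are constructed.

# Prints "affected", "not-listed" or "unknown" for one banner string.
classify_openssh_banner() {
    # Pull "MAJOR MINOR" out of e.g. "OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f"
    # (Windows builds report "OpenSSH_for_Windows_8.1p1").
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\(for_Windows_\)\{0,1\}\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\2 \3/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # 5.0 <= version <= 8.2 is the range the advisory lists;
    # 8.3 is the release the advisory links to.
    if [ "$major" -ge 5 ] && [ "$major" -le 7 ]; then
        echo affected
    elif [ "$major" -eq 8 ] && [ "$minor" -le 2 ]; then
        echo affected
    else
        echo not-listed
    fi
}

# Constructed sample banners.
for banner in \
    "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017" \
    "OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020" \
    "OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020" \
    "OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2"
do
    printf '%-12s %s\n' "$(classify_openssh_banner "$banner")" "$banner"
done

# The local client, which is where scp(1) receives files.
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1 || true)
    printf 'local: %s (%s)\n' "$(classify_openssh_banner "$local_banner")" "$local_banner"
fi
```

Distribution packages often backport fixes without changing the upstream version string, so treat "affected" as a prompt to check the package changelog rather than as proof.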


External links
http://www.openssh.com/txt/release-8.3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

