Vulnerability CVE-2018-20685

Vulnerability CVE-2018-20685

Published: 2019-01-10

Description:

	Topic	Author	Date
Med.	SCP Server Verification Issues	Harry Sintonen	16.01.2019

Type:

(Use of Incorrectly-Resolved Name or Reference)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.6/10	2.9/10	4.9/10

Affected software
Winscp -> Winscp
Redhat -> Enterprise linux
Oracle -> Solaris
Openbsd -> Openssh
Netapp -> Cloud backup
Netapp -> Element software
Netapp -> Ontap select deploy
Netapp -> Steelstore cloud integrated storage
Netapp -> Storage automation store
Debian -> Debian linux
Canonical -> Ubuntu linux

http://www.securityfocus.com/bid/106531

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-20685

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h

https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2

https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html

https://security.gentoo.org/glsa/201903-16

https://security.netapp.com/advisory/ntap-20190215-0001/

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

https://usn.ubuntu.com/3885-1/

https://www.debian.org/security/2019/dsa-4387

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html