Skip to Main content Skip to Navigation
Other publications

scp client in OpenSSH 8.2 incorrectly sends duplicate responses upon a utimes system call failure: CVE-2020-12062

Abstract : ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances."
Document type :
Other publications
Complete list of metadata

https://hal.inrae.fr/hal-03321262
Contributor : Daniel Goujot <>
Submitted on : Tuesday, August 17, 2021 - 12:40:24 PM
Last modification on : Tuesday, September 7, 2021 - 3:44:07 PM

Identifiers

  • HAL Id : hal-03321262, version 1

Citation

Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, David Naccache. scp client in OpenSSH 8.2 incorrectly sends duplicate responses upon a utimes system call failure: CVE-2020-12062. 2020. ⟨hal-03321262⟩

Share

Metrics

Record views

28