scp client in OpenSSH 8.2 incorrectly sends duplicate responses upon a utimes system call failure - INRAE - Institut national de recherche pour l’agriculture, l’alimentation et l’environnement Accéder directement au contenu
Autre Publication Scientifique Année : 2020

scp client in OpenSSH 8.2 incorrectly sends duplicate responses upon a utimes system call failure

Résumé

** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances."

Domaines

Cryptographie et sécurité [cs.CR]

Daniel Goujot  : Connectez-vous pour contacter le contributeur

https://hal.inrae.fr/hal-03321262

Soumis le : mardi 17 août 2021-12:40:24

Dernière modification le : lundi 22 avril 2024-15:43:15

Fichier non déposé

Dates et versions

hal-03321262 , version 1 (17-08-2021)

Identifiants

  • HAL Id : hal-03321262 , version 1

Citer

Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, David Naccache. scp client in OpenSSH 8.2 incorrectly sends duplicate responses upon a utimes system call failure: CVE-2020-12062. 2020. ⟨hal-03321262⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

CEA ENS-PARIS AGROPARISTECH DAM CEA-UPSAY PSL UNIV-PARIS-SACLAY CEA-DRF INRAE SAYFOOD GS-ENGINEERING GS-BIOSPHERA MICA-UNITES
78 Consultations
0 Téléchargements

Partager

Gmail Facebook X LinkedIn More