CVE-2018-20685

Source
Severity High
Remote Yes
Type Insufficient validation
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
Group Package Affected Fixed Severity Status Ticket
AVG-849 openssh 7.9p1-1 High Vulnerable
References
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt