NVD Vulnerability Detail

CVE-2020-12062

Summary	The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.
Publication Date	June 2, 2020, 1:15 a.m.
Registration Date	Jan. 26, 2021, 11:51 a.m.
Last Update	Nov. 21, 2024, 1:59 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openbsd:openssh:8.2:::::::*

Related information, measures and tools

No	URL	タグ
1	https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1	Patch Third Party Advisory
2	https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894	Third Party Advisory
3	https://www.openssh.com/txt/release-8.3	Release Notes Vendor Advisory
4	https://www.openwall.com/lists/oss-security/2020/05/27/1	Mailing List Release Notes Third Party Advisory
5	https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1	Patch Third Party Advisory
6	https://www.openwall.com/lists/oss-security/2020/05/27/1	Mailing List Release Notes Third Party Advisory
7	https://www.openssh.com/txt/release-8.3	Release Notes Vendor Advisory
8	https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

OpenSSH における入力確認に関する脆弱性

Title	OpenSSH における入力確認に関する脆弱性
Summary	未確定本件は、脆弱性として確定していません。 OpenSSH には、入力確認に関する脆弱性が存在します。ベンダは、本脆弱性に対して異議を唱えています。詳細については、以下の NVD の Current Description を確認してください。 https://nvd.nist.gov/vuln/detail/CVE-2020-12062
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 1, 2020, midnight
Registration Date	June 29, 2020, 4:35 p.m.
Last Update	June 29, 2020, 4:35 p.m.

Affected System

OpenBSD

OpenSSH 8.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-12062	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062
National Vulnerability Database (NVD)
2	CVE-2020-12062	https://nvd.nist.gov/vuln/detail/CVE-2020-12062

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
GitHub
1	upstream: another case where a utimes() failure could make scp send	https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
2	upstream: when receving a file in sink(), be careful to send at	https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
OpenSSH
3	release-8.3	https://www.openssh.com/txt/release-8.3

Change Log

No	Changed Details	Date of change
1	[2020年06月29日] 掲載	June 29, 2020, 4:35 p.m.