Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2020.1690
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1690)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'openssh' package(s) announced via the EulerOS-SA-2020-1690 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'openssh' package(s) announced via the EulerOS-SA-2020-1690 advisory. Vulnerability Insight: ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that 'this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol' and 'utimes does not fail under normal circumstances.'(CVE-2020-12062) Affected Software/OS: 'openssh' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12062
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.