Openssh 7.4 P1



7.4

Failed to connect to the host via ssh: OpenSSH7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /root/.ssh/config debug1: Reading configuration data /etc/ssh/sshconfig. SSH comes in two versions: SSH protocol 1 and protocol 2. SSH protocol 2 was introduced in 2006 and is more secure than protocol 1 thanks to its strong cryptographic checks, bulk encryption and robust algorithms. By default, SSH uses protocol 1. To change this to the more secure Protocol 2, add the line below to the configuration file: Protocol 2. Check current installed ssh version: dpkg -l grep openssh ii openssh-client 1:6.6p1-2ubuntu2.8 amd64 secure shell (SSH) client, for secure access to remote machines ii openssh-server 1:6.6p1-2ubunt.

Contents

Installed Programs:scp, sftp, slogin (symlink to ssh), ssh, ssh-add, ssh-agent, ssh-copy-id, ssh-keygen, ssh-keyscan, and sshd
Installed Directories:/etc/ssh, /usr/share/doc/openssh-7.4p1, and /var/lib/sshd

Short Descriptions

scp

is a file copy program that acts like rcp except it uses an encrypted protocol.

sftp

is an FTP-like program that works over the SSH1 and SSH2 protocols.

slogin

is a symlink to ssh.

ssh

is an rlogin/rsh-like client program except it uses an encrypted protocol.

sshd

is a daemon that listens for ssh login requests.

ssh-add

is a tool which adds keys to the ssh-agent.

ssh-agent

is an authentication agent that can store private keys.

ssh-copy-id

is a script that enables logins on remote machine using local keys.

ssh-keygen

is a key generation tool.

ssh-keyscan

is a utility for gathering public host keys from a number of hosts.

Current Description

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of 'anomalous argument transfers' because that could 'stand a great chance of breaking existing workflows.'


Analysis Description

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of 'anomalous argument transfers' because that could 'stand a great chance of breaking existing workflows.'

Openssh 7.4 Protocol 2.0

Severity

CVSS 3.x Severity and Metrics:

Openssh 7.2p2 Exploit


Openssh 7.4 Protocol 2.0 Exploit

NIST:NVD

Openssh 7.6p1 Exploit

Vector:NVD

Openssh 7.4 P1102w

Vector:HyperlinkResourcehttps://github.com/cpandya2909/CVE-2020-15778/ExploitThird Party Advisoryhttps://news.ycombinator.com/item?id=25005567Third Party Advisoryhttps://security.netapp.com/advisory/ntap-20200731-0007/Third Party Advisoryhttps://www.openssh.com/security.htmlVendor Advisory

Weakness Enumeration

7.4
CWE-IDCWE NameSource
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')NIST

Known Affected Software Configurations Switch to CPE 2.2

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes