SB20220615139 - Anolis OS update for openssh

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20220615139

SB20220615139 - Anolis OS update for openssh

Published: June 15, 2022 Updated: March 28, 2025

Security Bulletin ID SB20220615139
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2018-20685)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper validation of filenames by the scp.c source code file in the SCP client . A remote unauthenticated attacker can trick the victim into accessing a file with the filename of . or an empty filename from an attacker-controlled Secure Shell (SSH) server to bypass access restrictions on the system, which could be used to conduct further attacks.


2) Spoofing attack (CVE-ID: CVE-2019-6109)

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to accepting and displaying arbitrary stderr output from the scp server by the scp client. A malicious SCP server can use the object name to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

3) Security restrictions bypass (CVE-ID: CVE-2019-6111)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to missing received object name validation by the scp client. A malicious SCP server can overwrite arbitrary files in the SCP client target directory. If a recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).



4) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-14145)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in openssh client during algorithm negotiation due to observable discrepancy. A remote attacker can perform a Man-in-the-Middle (MitM) attack.


5) Improper Privilege Management (CVE-ID: CVE-2021-41617)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References