Detections
Analytics

OpenSSH 7.x < 7.5 Directory Traversal

medium Nessus Network Monitor Plugin ID 700019

Synopsis

The remote SSH server may be affected by a directory traversal attack vector.

Description

The installed version of OpenSSH is 7.x prior to 7.5 and is affected by a flaw in the 'do_lsreaddir()' function in 'sftp-client.c' that allows traversing outside of a restricted path. The issue is due to the sftp-client not properly sanitizing input from a remote server, specifically backslashes during a recursive file transfer. This may allow a context-dependent attacker to create or overwrite files outside of the intended target directory.

Solution

Upgrade to OpenSSH 7.x version 7.5 or later.

See Also

http://www.openssh.com/txt/release-7.5

Plugin Details

Severity: Medium

ID: 700019

Family: SSH

Published: 3/22/2017

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 3/20/2017

Vulnerability Publication Date: 3/20/2017