CVE-2018-20685

Note

openssh-ssh1 is provided for compatibility with old devices that
cannot be upgraded to modern protocols. Thus we may not provide security
support for this package if doing so would prevent access to equipment.

Package	Release	Status
openssh Launchpad, Ubuntu, Debian	bionic	Released (1:7.6p1-4ubuntu0.2)
	cosmic	Released (1:7.7p1-4ubuntu0.2)
	disco	Released (1:7.9p1-5)
	eoan	Released (1:7.9p1-5)
	focal	Released (1:7.9p1-5)
	groovy	Released (1:7.9p1-5)
	hirsute	Released (1:7.9p1-5)
	impish	Released (1:7.9p1-5)
	jammy	Released (1:7.9p1-5)
	kinetic	Released (1:7.9p1-5)
	lunar	Released (1:7.9p1-5)
	mantic	Released (1:7.9p1-5)
	trusty	Released (1:6.6p1-2ubuntu2.12)
	upstream	Released (1:7.9p1-5)
	xenial	Released (1:7.2p2-4ubuntu2.7)
	Patches: upstream: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 upstream: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
openssh-ssh1 Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Ignored (frozen on openssh 7.5p)
	xenial	Does not exist

Parameter	Value
Base score	5.3
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CVE-2018-20685

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading