Learn about the OpenSSH 8.2 scp client vulnerability (CVE-2020-12062) allowing remote unprivileged users to overwrite files in the client's download directory. Find mitigation steps and affected systems.
Understanding CVE-2020-12062
OpenSSH 8.2's scp client vulnerability
What is CVE-2020-12062?
The scp client in OpenSSH 8.2 sends duplicate responses to the server upon a utimes system call failure, enabling a malicious unprivileged user on the remote server to overwrite files in the client's download directory by creating a crafted subdirectory.
The Impact of CVE-2020-12062
Technical Details of CVE-2020-12062
Details of the vulnerability
Vulnerability Description
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
Protecting against CVE-2020-12062
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates