Vulnerability CVE-2004-0175 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0175 (CCN-16323)

Assigned:

2000-09-01

Published:

2000-09-01

Updated:

2017-10-11

Summary:

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files.
Note: this may be a rediscovery of CVE-2000-0992.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

File Manipulation

References:

Source: SCO
Type: UNKNOWN
SCOSA-2006.11

Source: MITRE
Type: CNA
CVE-2004-0175

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:831
openssh - Vulnerability in the scp command

Source: CONECTIVA
Type: UNKNOWN
CLSA-2004:831

Source: CCN
Type: RHSA-2005-074
rsh security update

Source: CCN
Type: RHSA-2005-106
openssh security update

Source: CCN
Type: RHSA-2005-165
rsh security update

Source: CCN
Type: RHSA-2005-481
openssh security update

Source: CCN
Type: RHSA-2005-495
rsh security update

Source: CCN
Type: RHSA-2005-562
krb5 security update

Source: CCN
Type: RHSA-2005-567
krb5 security update

Source: SECUNIA
Type: UNKNOWN
17135

Source: SECUNIA
Type: UNKNOWN
19243

Source: CCN
Type: CIAC Information Bulletin O-212
Apple Security Update

Source: CIAC
Type: UNKNOWN
O-212

Source: CONFIRM
Type: UNKNOWN
http://www.juniper.net/support/security/alerts/adv59739.txt

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:100

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:191

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:009

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: OSVDB
Type: UNKNOWN
9550

Source: CCN
Type: OSVDB ID: 9550
OpenSSH scp Traversal Arbitrary File Overwrite

Source: REDHAT
Type: UNKNOWN
RHSA-2005:074

Source: REDHAT
Type: UNKNOWN
RHSA-2005:106

Source: REDHAT
Type: UNKNOWN
RHSA-2005:165

Source: REDHAT
Type: UNKNOWN
RHSA-2005:481

Source: REDHAT
Type: UNKNOWN
RHSA-2005:495

Source: REDHAT
Type: UNKNOWN
RHSA-2005:562

Source: REDHAT
Type: UNKNOWN
RHSA-2005:567

Source: BID
Type: Patch, Vendor Advisory
9986

Source: CCN
Type: BID-9986
RCP, OpenSSH SCP Client File Corruption Vulnerability

Source: CCN
Type: TLSA-2005-79
Directory Traversal Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147

Source: XF
Type: UNKNOWN
openssh-scp-file-overwrite(16323)

Source: XF
Type: UNKNOWN
openssh-scp-file-overwrite(16323)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10184

Vulnerable Configuration:

Configuration 1:

cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

AND

cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:conectiva:linux:1.0.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.5.22m:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:sgi:irix:6.5.21m:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.5.21f:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

OR cpe:/o:sgi:irix:6.5.20f:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.5.20m:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040175	V	CVE-2004-0175	2015-11-16
oval:org.mitre.oval:def:10184	V	Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.	2013-04-29
oval:com.redhat.rhsa:def:20050567	P	RHSA-2005:567: krb5 security update (Important)	2007-01-26
oval:com.redhat.rhsa:def:20050562	P	RHSA-2005:562: krb5 security update (Critical)	2007-01-26
oval:com.redhat.rhsa:def:20050165	P	RHSA-2005:165: rsh security update (Low)	2005-06-08
oval:com.redhat.rhsa:def:20050074	P	RHSA-2005:074: rsh security update (Low)	2005-05-18
oval:com.redhat.rhsa:def:20050106	P	RHSA-2005:106: openssh security update (Low)	2005-05-18