Table of Contents
This issue affects the scp client shipped with openssh. The SSH protocol or the SSH client is not affected. For more detailed analysis please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1666127#c2
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||5.3|
|CVSS3 Base Metrics||CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N|
Affected Packages State
|Red Hat Enterprise Linux 8||openssh||Affected|
|Red Hat Enterprise Linux 7||openssh||Will not fix|
|Red Hat Enterprise Linux 6||openssh||Out of support scope|
|Red Hat Enterprise Linux 5||openssh||Out of support scope|
This issue only affects the users of scp binary which is a part of openssh-clients package. Other usage of SSH protocol or other ssh clients is not affected. Administrators can uninstall openssh-clients for additional protection against accidental usage of this binary.
CVE description copyright © 2017, The MITRE Corporation