Security Bulletin
Summary
OpenSSH is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE.
Vulnerability Details
CVEID: CVE-2020-15778
DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. By opening a specially crafted file containing backtick characters in the destination argument, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185805 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| IBM Netezza Host Management | All Host Management versions starting 5.3.5.1 |
Remediation/Fixes
None
Workarounds and Mitigations
The way scp is based on a historical protocol called rcp which relies on that style of argument passing and therefore encounters expansion problems.
Therefore to mitigate CVE-2020-15778 we suggest below method to copy files and directories between two servers.
- To copy a file from local host to remote host:
cd file_dir_path
tar zcf - file_name | ssh user@remote_host 'tar zxf - -C remote_dir_path'
file_dir_path : path to the directory where the file 'file_name' exists
file_name : name of the file that needs to be copied
remote_dir_path : destination path in the remote host where file_name has to be pasted
Example:
[root@nzhost ~]# ll local_dir/simple.txt
-rw-r--r-- 1 root root 6 Sep 23 08:45 local_dir/simple.txt
[root@nzhost ~]#cd local_dir
[root@nzhost local_dir]# tar zcf - simple.txt | ssh root@ha2 'tar zxf - -C /root/remote_dir'
- To copy a file from remote host to local host:
ssh root@remote_host 'cd /file_dir_path ; tar zcf - file_name' | tar zxf - -C local_dir_path
file_dir_path : path to the directory in the remote host where file_name exists
local_dir_path : path in the local host where file 'file_name' has to be pasted
Example:
[root@nzhost ~]# ssh root@ha2 'cd /root/remote_dir; tar zcf - pullme.txt' | tar zxf - -C /root/local_dir
- To copy a local directory and its contents from local host to remote host:
cd dir_containing_local_dir
tar zcf - local_dir | ssh user@remote_host 'tar zxf - -C remote_dir_path'
dir_containing_local_dir : path to the directory that contains local_dir
local_dir : directory that needs to be copied
remote_dir_path : destination path in the remote host where local_dir has to be pasted
Example:
[root@nzhost /]# ll -d /root/local_dir/
drwxr-xr-x 4 root root 4096 Sep 25 03:00 /root/local_dir/
[root@nzhost /]# cd /root;
[root@nzhost ~]# tar zcf - local_dir | ssh root@ha2 'tar zxf - -C /root/remote_dir'
- To copy a remote directory and its contents from remote host to local host:
ssh root@remote_host 'cd /dir_containing_remote_dir; tar zcf - remote_dir' | tar zxf - -C local_dir_path
dir_containing_remote_dir : path to the directory in the remote host that contains remote_dir
remote_dir : directory that need to be copied
local_dir_path : path in the local host where remote_dir has to be pasted
Example:
[root@nzhost ~]# ssh root@ha2 'cd /root; tar zcf - remote_dir' | tar zxf - -C /root/local_dir
Get Notified about Future Security Bulletins
References
Acknowledgement
Change History
27 Sep 2020: Original Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
27 September 2020
UID
ibm16338527