[BlueOnyx:27047] PCI problem with OpenSSH
Michael Aronoff
maronoff at gmail.com
Fri Jun 14 02:08:22 -05 2024
I have a server that needs to pass a PCI Compliance scan. It passes
everything except an issue with OpenSSH that I am not sure how to
mitigate.
The results show that the CVE ID is CVE-2020-15778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778
The threat description is:
>OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing
>encrypted communication sessions over a computer network using the SSH
>protocol.
>
>OpenSSH contains the following vulnerabilities:
>OpenSSH through 8.3p1 allows command injection in the scp.c toremote
>function, as demonstrated by backtick characters in the destination
>argument. NOTE: the vendor reportedly has stated that they
>intentionally omit validation of "anomalous argument transfers" because
>that could "stand a great chance of breaking existing workflows."
>Affected Versions:
>OpenSSH versions prior to 8.3
>
Anyone know if this can be fixed on a 5210R so it passes PCI Compliance?
Thanks,
________________________________
M Aronoff Out – maronoff at gmail.com
I'm a great believer in luck, and I find
the harder I work the more I have of it.
- Thomas Jefferson
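
The scan text quoted above attributes the issue to backtick characters in the scp destination argument. As an added example (not part of the original post and not OpenSSH code), here is a caller-side check that a script can run on a destination before handing it to scp. The function names and the character allowlist are assumptions made for this sketch, and it does not change the installed OpenSSH version.

```shell
#!/bin/sh
# Added example: caller-side check for scp destinations (hypothetical helper names).
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Return 0 only if the destination is non-empty, does not start with "-",
# and consists solely of characters from a strict allowlist (assumption:
# user@host:/path targets need nothing beyond these). Backticks, "$", ";",
# spaces and every other shell metacharacter fall outside the allowlist.
scp_dest_is_safe() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9@:._/~+-]*) return 1 ;;
    esac
    return 0
}

# Upload wrapper: refuses to call scp when the destination fails the check.
safe_scp_upload() {
    src=$1 dest=$2
    if ! scp_dest_is_safe "$dest"; then
        echo "refusing scp: unsafe destination" >&2
        return 2
    fi
    scp -- "$src" "$dest"
}

# Constructed sample destinations (single-quoted, so nothing is expanded here).
for d in 'deploy@host.example:/srv/in/report.tar' \
         'deploy@host.example:/srv/in/`x`.tar' \
         'deploy@host.example:/srv/in/$(x).tar' \
         'deploy@host.example:/srv/in/a;b'; do
    if scp_dest_is_safe "$d"; then
        printf 'accept  %s\n' "$d"
    else
        printf 'reject  %s\n' "$d"
    fi
done
```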