Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2026-35385 - CERT CVE
CVE-2026-35385
ID
CVE-2026-35385
Sažetak
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
Reference
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
https://www.openssh.org/releasenotes.html#10.3p1
https://www.openwall.com/lists/oss-security/2026/04/02/3
https://access.redhat.com/errata/RHSA-2026:12389
https://access.redhat.com/errata/RHSA-2026:13380
https://access.redhat.com/errata/RHSA-2026:13381
https://access.redhat.com/errata/RHSA-2026:13383
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:16059
https://access.redhat.com/errata/RHSA-2026:19069
https://access.redhat.com/errata/RHSA-2026:19219
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:21298
https://access.redhat.com/errata/RHSA-2026:21398
https://access.redhat.com/errata/RHSA-2026:22329
https://access.redhat.com/errata/RHSA-2026:22468
https://access.redhat.com/errata/RHSA-2026:22564
https://access.redhat.com/errata/RHSA-2026:22648
https://access.redhat.com/errata/RHSA-2026:25044
https://access.redhat.com/errata/RHSA-2026:25063
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25181
https://access.redhat.com/errata/RHSA-2026:26528
https://access.redhat.com/errata/RHSA-2026:26542
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:28962
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:34098
https://access.redhat.com/security/cve/CVE-2026-35385
https://bugzilla.redhat.com/show_bug.cgi?id=2454469
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35385.json
CVSS
Base:
7.5
Impact:
5.9
Exploitability:
1.6
Pristup
Vektor
Složenost
Autentikacija
NETWORK
HIGH
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
HIGH
HIGH
HIGH
CVSS vektor
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje
10-07-2026 - 12:16
Objavljeno
02-04-2026 - 17:16