Debian 8: DLA-1728-1 Serious Vulnerabilities Found in Openssh Client
debian lts
March 25, 2019
Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer
Topics Covered
Summary
CVE-2018-20685
In scp.c, the scp client allowed remote SSH servers to bypass
intended access restrictions via the filename of . or an empty
filename. The impact was modifying the permissions of the target
directory on the client side.
CVE-2019-6109
Due to missing character encoding in the progress display, a
malicious server (or Man-in-The-Middle attacker) was able to employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affected refresh_progress_meter() in progressmeter.c.
CVE-2019-6111
Due to the scp implementation being derived from 1983 rcp, the server
chooses which files/directories are sent to the client. However, the
scp client only performed cursory validation of the object name
returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) was able to
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: openssh
Version: 1:6.7p1-5+deb8u8
CVE ID: CVE-2018-20685 CVE-2019-6109 CVE-2019-6111
Debian Bug: 793412 919101 923486
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!