CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Published: 2019-01-31 18:29
Updated: 2019-04-18 03:29

CVSS Score: 5.8 / 10
Vendor Product Version URI
Openbsd Openssh 7.9 cpe:/a:openbsd:openssh:7.9
Winscp Winscp 5.1.3 cpe:/a:winscp:winscp:5.1.3
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Canonical Ubuntu Linux 18.10 cpe:/o:canonical:ubuntu_linux:18.10
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Enterprise Linux 7.0 cpe:/o:redhat:enterprise_linux:7.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0

CWE

ID Name Description
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date Event
2019-04-18 03:29
2019-03-25 16:29
2019-03-21 16:01
2019-03-08 17:12
2019-03-05 11:29
2019-02-19 18:09
2019-02-16 03:29
2019-02-14 11:29
2019-02-10 11:29
2019-02-09 11:29
2019-02-01 11:29
2019-01-31 18:29 New CVE