Vulnerability CVE-2019-6109


Published: 2019-01-31

Description:
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
SCP Server Verification Issues
Harry Sintonen
16.01.2019

Type:

CWE-284

(Improper Access Control)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Openbsd
Product: Openssh 
Version: 7.9;
Vendor: Winscp
Product: Winscp 
Version: 5.13; 5.1.3;
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.10
18.04
16.04
14.04
Vendor: Netapp
Product: Storage automation store 
Product: Ontap select deploy 
Product: Element software 

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
4.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
https://security.gentoo.org/glsa/201903-16
https://security.netapp.com/advisory/ntap-20190213-0001/
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
https://usn.ubuntu.com/3885-1/
https://www.debian.org/security/2019/dsa-4387

Related CVE
CVE-2019-5497
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
CVE-2019-8936
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-5492
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.
CVE-2019-11035
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11034
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2018-20449
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
CVE-2019-9946
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptable...
CVE-2019-0222
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Copyright 2019, cxsecurity.com

 

Back to Top