What is the severity of CVE-2019-6109?

CVE-2019-6109 has been classified as a moderate severity vulnerability.

How do I fix CVE-2019-6109?

To fix CVE-2019-6109, upgrade OpenSSH to version 1:7.9p1-6 or higher.

Who is affected by CVE-2019-6109?

CVE-2019-6109 affects various versions of OpenSSH, especially those up to 7.9.

What type of attack does CVE-2019-6109 allow?

CVE-2019-6109 allows a malicious server or Man-in-The-Middle attacker to manipulate client output.

Which systems are affected by CVE-2019-6109?

Systems using vulnerable versions of OpenSSH, including Debian, Ubuntu, and Red Hat Enterprise Linux, are affected by CVE-2019-6109.

Vulnerability/
CVE-2019-6109

medium

6.8

CWE

116

23/7/2015

31/1/2019

21/11/2024

CVE-2019-6109

First published: Thu Jul 23 2015(Updated: )

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/openssh	<=1:7.9p1-5<=1:6.7p1-6	1:7.9p1-6 1:7.4p1-10+deb9u5
OpenSSH	<=7.9
WinSCP	<=5.13
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=18.04
Ubuntu Linux	=18.10
Debian GNU/Linux	=8.0
Debian GNU/Linux	=9.0
NetApp Element Software
NetApp ONTAP Select Deploy Utility
NetApp Storage Automation Store
Fedoraproject Fedora	=30
Red Hat Enterprise Linux	=8.0
redhat enterprise Linux eus	=8.1
redhat enterprise Linux eus	=8.2
redhat enterprise Linux eus	=8.4
redhat enterprise Linux eus	=8.6
redhat enterprise Linux server aus	=8.2
redhat enterprise Linux server aus	=8.4
redhat enterprise Linux server aus	=8.6
redhat enterprise Linux server tus	=8.2
redhat enterprise Linux server tus	=8.4
redhat enterprise Linux server tus	=8.6
All of
Siemens Scalance X204RNA EEC Firmware	<3.2.7
Siemens Scalance X204RNA EEC
All of
Siemens Scalance X204RNA ECC Firmware	<3.2.7
Siemens Scalance X204RNA EEC Firmware
All of
Oracle Fujitsu M10-1 Firmware	<xcp2361
Oracle Fujitsu M10-1
All of
Oracle Fujitsu M10-4 Firmware	<xcp2361
Oracle Fujitsu M10-4
All of
fujitsu m10-4s firmware	<xcp2361
fujitsu m10-4s
All of
Oracle Fujitsu M12-1 Firmware	<xcp2361
Oracle Fujitsu M12-1 Firmware
All of
Oracle Fujitsu M12-2 Firmware	<xcp2361
fujitsu m12-2
All of
fujitsu m12-2s firmware	<xcp2361
fujitsu m12-2s
All of
Oracle Fujitsu M10-1 Firmware	<xcp3070
Oracle Fujitsu M10-1
All of
Oracle Fujitsu M10-4 Firmware	<xcp3070
Oracle Fujitsu M10-4
All of
fujitsu m10-4s firmware	<xcp3070
fujitsu m10-4s
All of
Oracle Fujitsu M12-1 Firmware	<xcp3070
Oracle Fujitsu M12-1 Firmware
All of
Oracle Fujitsu M12-2 Firmware	<xcp3070
fujitsu m12-2
All of
fujitsu m12-2s firmware	<xcp3070
fujitsu m12-2s
debian/openssh		1:8.4p1-5+deb11u3 1:8.4p1-5+deb11u4 1:9.2p1-2+deb12u4 1:9.2p1-2+deb12u5 1:9.9p1-3 1:9.9p2-1
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=18.10
Debian	=8.0
Debian	=9.0
Fedora	=30
All of
fujitsu m12-2s firmware	<xcp2361
Fujitsu SPARC M12-2S
All of
fujitsu m12-2s firmware	<xcp3070
Fujitsu SPARC M12-2S
Siemens Scalance X204RNA EEC Firmware	<3.2.7
Siemens Scalance X204RNA EEC
Siemens Scalance X204RNA ECC Firmware	<3.2.7
Siemens Scalance X204RNA EEC Firmware
Oracle Fujitsu M10-1 Firmware	<xcp2361
Oracle Fujitsu M10-1
Oracle Fujitsu M10-4 Firmware	<xcp2361
Oracle Fujitsu M10-4
fujitsu m10-4s firmware	<xcp2361
fujitsu m10-4s
Oracle Fujitsu M12-1 Firmware	<xcp2361
Oracle Fujitsu M12-1 Firmware
Oracle Fujitsu M12-2 Firmware	<xcp2361
fujitsu m12-2
fujitsu m12-2s firmware	<xcp2361
Fujitsu SPARC M12-2S
Oracle Fujitsu M10-1 Firmware	<xcp3070
Oracle Fujitsu M10-4 Firmware	<xcp3070
fujitsu m10-4s firmware	<xcp3070
Oracle Fujitsu M12-1 Firmware	<xcp3070
Oracle Fujitsu M12-2 Firmware	<xcp3070
fujitsu m12-2s firmware	<xcp3070

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Remedy

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6109?
CVE-2019-6109 has been classified as a moderate severity vulnerability.
How do I fix CVE-2019-6109?
To fix CVE-2019-6109, upgrade OpenSSH to version 1:7.9p1-6 or higher.
Who is affected by CVE-2019-6109?
CVE-2019-6109 affects various versions of OpenSSH, especially those up to 7.9.
What type of attack does CVE-2019-6109 allow?
CVE-2019-6109 allows a malicious server or Man-in-The-Middle attacker to manipulate client output.
Which systems are affected by CVE-2019-6109?
Systems using vulnerable versions of OpenSSH, including Debian, Ubuntu, and Red Hat Enterprise Linux, are affected by CVE-2019-6109.

collector/debian-bugs
alias/CVE-2019-6109
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/last-modified-date
agent/author
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
collector/nvd-api
collector/nvd-index
package-manager/debian
vendor/openbsd
canonical/openssh
version/openssh/7.9
vendor/winscp
canonical/winscp
version/winscp/5.13
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/18.04
version/ubuntu linux/18.10
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
version/debian gnu/linux/9.0
vendor/netapp
canonical/netapp element software
canonical/netapp ontap select deploy utility
canonical/netapp storage automation store
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/30
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/8.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
version/redhat enterprise linux eus/8.6
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
version/redhat enterprise linux server aus/8.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.2
version/redhat enterprise linux server tus/8.4
version/redhat enterprise linux server tus/8.6
vendor/siemens
canonical/siemens scalance x204rna eec firmware
canonical/siemens scalance x204rna eec
canonical/siemens scalance x204rna ecc firmware
vendor/fujitsu
canonical/oracle fujitsu m10-1 firmware
canonical/oracle fujitsu m10-1
canonical/oracle fujitsu m10-4 firmware
canonical/oracle fujitsu m10-4
canonical/fujitsu m10-4s firmware
canonical/fujitsu m10-4s
canonical/oracle fujitsu m12-1 firmware
canonical/oracle fujitsu m12-2 firmware
canonical/fujitsu m12-2
canonical/fujitsu m12-2s firmware
canonical/fujitsu m12-2s
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/18.10
canonical/debian
version/debian/8.0
version/debian/9.0
canonical/fedora
version/fedora/30
canonical/fujitsu sparc m12-2s

CVE-2019-6109

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6109?

How do I fix CVE-2019-6109?

Who is affected by CVE-2019-6109?

What type of attack does CVE-2019-6109 allow?

Which systems are affected by CVE-2019-6109?

Company

Resources

Contact