REDHAT-BUG-1666119
First published: Tue Jan 15 2019(Updated: )
OpenSSH has a vulnerability in the scp client utility. Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred. External Reference: <a href="https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt">https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt</a> Proposed Patch: <a href="https://sintonen.fi/advisories/scp-name-validator.patch">https://sintonen.fi/advisories/scp-name-validator.patch</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GSI OpenSSH |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
- https://sintonen.fi/advisories/scp-name-validator.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1666121
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1666119#c3
- https://bugzilla.mindrot.org/show_bug.cgi?id=2434
- https://access.redhat.com/security/cve/CVE-2019-6109
- https://nvd.nist.gov/vuln/detail/CVE-2019-6109
- https://access.redhat.com/errata/RHSA-2019:3702
- https://access.redhat.com/security/cve/cve-2019-6109
- https://bugzilla.redhat.com/show_bug.cgi?id=1666119
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-6109
- agent/source
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openssh
- canonical/gsi openssh