[Bug 234965] openssh, scp vulnerability CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jan 15 09:37:39 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234965
Bug ID: 234965
Summary: openssh, scp vulnerability CVE-2018-20685
CVE-2019-6111 CVE-2019-6109,6110
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: security
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: bugs at FreeBSD.org
Reporter: bobf at mrp3.com
according to this article:
https://www.theregister.co.uk/2019/01/15/scp_vulnerability/
OpenSSH 7.9 and earlier contain a set of vulnerabilities that date back to
1983.
These are:
CVE-2018-20685 - server can alter directory permissions on the client
CVE-2019-6111 - server can send arbitrary files not requested by the client,
even overwriting files in the client's file system.
CVE-2019-6109, CVE-2019-6110 - server can alter the object name or output
display on the ssh client to hide files being copied
There is apparently a patch available, linked to from the article mentioned
above, which appears to apply to -CURRENT from a few days ago. I have not
attempted to build the source. however, the patch is available here:
https://sintonen.fi/advisories/scp-name-validator.patch
Since I have only verified that the code in the FreeBSD crypto/openssh tree
does not appear to have been patched for these vulnerabilities, I can not for
certain say that they exist; however, it is extremely likely and needs to be
brought to the attention of the appropriate people.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list