[Bug 234965] openssh, scp vulnerability CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110

Tue Jan 15 09:37:39 UTC 2019

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234965

            Bug ID: 234965
           Summary: openssh, scp vulnerability CVE-2018-20685
                    CVE-2019-6111 CVE-2019-6109,6110
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: bobf at mrp3.com

according to this article:

https://www.theregister.co.uk/2019/01/15/scp_vulnerability/

OpenSSH 7.9 and earlier contain a set of vulnerabilities that date back to
1983.

These are:

CVE-2018-20685 - server can alter directory permissions on the client

CVE-2019-6111 -  server can send arbitrary files not requested by the client,
even overwriting files in the client's file system.

CVE-2019-6109, CVE-2019-6110 - server can alter the object name or output
display on the ssh client to hide files being copied

There is apparently a patch available, linked to from the article mentioned
above, which appears to apply to -CURRENT from a few days ago.  I have not
attempted to build the source.  however, the patch is available here:

https://sintonen.fi/advisories/scp-name-validator.patch

Since I have only verified that the code in the FreeBSD crypto/openssh tree
does not appear to have been patched for these vulnerabilities, I can not for
certain say that they exist; however, it is extremely likely and needs to be
brought to the attention of the appropriate people.

-- 
You are receiving this mail because:
You are the assignee for the bug.