5.9

CVE-2019-6111

Exploit

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version <= 7.9
WinSCPWinSCP Version <= 5.1.3
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
RedhatEnterprise Linux Eus Version8.6
FedoraprojectFedora Version30
ApacheMina Sshd Version2.2.0
FreebsdFreebsd Version < 12.0
FreebsdFreebsd Version12.0 Update-
FreebsdFreebsd Version12.0 Updatep1
FreebsdFreebsd Version12.0 Updatep2
FreebsdFreebsd Version12.0 Updatep3
FujitsuM10-1 Firmware Version < xcp2361
   FujitsuM10-1 Version-
FujitsuM10-4 Firmware Version < xcp2361
   FujitsuM10-4 Version-
FujitsuM10-4s Firmware Version < xcp2361
   FujitsuM10-4s Version-
FujitsuM12-1 Firmware Version < xcp2361
   FujitsuM12-1 Version-
FujitsuM12-2 Firmware Version < xcp2361
   FujitsuM12-2 Version-
FujitsuM12-2s Firmware Version < xcp2361
   FujitsuM12-2s Version-
FujitsuM10-1 Firmware Version < xcp3070
   FujitsuM10-1 Version-
FujitsuM10-4 Firmware Version < xcp3070
   FujitsuM10-4 Version-
FujitsuM10-4s Firmware Version < xcp3070
   FujitsuM10-4s Version-
FujitsuM12-1 Firmware Version < xcp3070
   FujitsuM12-1 Version-
FujitsuM12-2 Firmware Version < xcp3070
   FujitsuM12-2 Version-
FujitsuM12-2s Firmware Version < xcp3070
   FujitsuM12-2s Version-
SiemensScalance X204rna Firmware Version < 3.2.7
   SiemensScalance X204rna Version-
SiemensScalance X204rna Eec Firmware Version < 3.2.7
   SiemensScalance X204rna Eec Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 57.89% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://usn.ubuntu.com/3885-1/
Third Party Advisory
https://www.exploit-db.com/exploits/46193/
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/106741
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1677794
Third Party Advisory
Exploit
Issue Tracking
https://usn.ubuntu.com/3885-2/
Third Party Advisory