Main Vulnerability Database SB2019042923

SB2019042923 - Fedora 30 update for openssh

Published: April 29, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019042923

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2019-6111)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to missing received object name validation by the scp client. A malicious SCP server can overwrite arbitrary files in the SCP client target directory. If a recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).

2) Spoofing attack (CVE-ID: CVE-2019-6109)

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to accepting and displaying arbitrary stderr output from the scp server by the scp client. A malicious SCP server can use the object name to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2019-0f4190cdb0