[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2019-6111 -- openssh-server

ID: oval:org.secpod.oval:def:1902003Date: (C)2019-06-07   (M)2023-12-20
Class: VULNERABILITYFamily: unix




An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned . A malicious scp server can overwrite arbitrary files in the scp client target directory. If recursive operation is performed, the server can manipulate subdirectories as well .

Platform:
Ubuntu 19.04
Product:
openssh-server
Reference:
CVE-2019-6111
CVE    1
CVE-2019-6111
CPE    2
cpe:/a:openbsd:openssh-server
cpe:/o:ubuntu:ubuntu_linux:19.04

© SecPod Technologies