CVE-2019-6110
Published: 31 January 2019
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Notes
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
mdeslaur | The recommended workaround for this issue is to switch to using sftp instead of scp. Per https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html upstream doesn't consider this to be a vulnerability, and as of 2020-07-07, there is no upstream fix. We will not be fixing this issue in Ubuntu stable releases. |
Priority
Status
Package | Release | Status |
---|---|---|
openssh Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
|
|
focal |
Ignored
|
|
trusty |
Ignored
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
|
|
openssh-ssh1 Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
cosmic |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(frozen on openssh 7.5p)
|
|
xenial |
Does not exist
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
|
|
focal |
Ignored
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |