CVE-2019-6111
Description
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
54.405
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-6111 are affected in WinSCP 5.1.3 | Windows |
| Vulnerabilities CVE-2013-4852,CVE-2019-6111 are affected in WinSCP (MSI) 5.1.3 | Windows |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.2p2-4ubuntu2.8_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.2p2-4ubuntu2.7_amd64.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.6p1-4ubuntu0.3_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.6p1-4ubuntu0.3_amd64.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.7p1-4ubuntu0.3_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-1) openssh-client_7.7p1-4ubuntu0.2_amd64.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.2p2-4ubuntu2.8_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.2p2-4ubuntu2.8_amd64.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.6p1-4ubuntu0.3_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.6p1-4ubuntu0.3_amd64.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.7p1-4ubuntu0.3_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.7p1-4ubuntu0.3_amd64.deb | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-askpass-gnome-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-askpass-gnome-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-debugsource-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-helpers-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0132-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-helpers-debuginfo-7.2p2-74.35.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-askpass-gnome-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-askpass-gnome-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-fips-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-fips-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-helpers-6.6p1-36.12.1.i586.rpm | Linux |
| SUSE-SU-2019:13931-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-helpers-6.6p1-36.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssh-askpass-gnome-7.2p2-74.42.10.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-askpass-gnome-debuginfo-7.2p2-74.42.10.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-debuginfo-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-debugsource-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-helpers-7.2p2-74.42.8.x86_64.rpm | Linux |
| SUSE-SU-2019:1524-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-helpers-debuginfo-7.2p2-74.42.8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-askpass-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-cavs-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-clients-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-debugsource-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-keycat-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-ldap-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update openssh-server-8.0p1-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3702) openssh security, bug fix, and enhancement update pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm | Linux |
| (CESA-2019:3702) openssh security, bug fix, and enhancement update openssh-askpass-8.0p1-3.el8.x86_64.rpm | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.6p1-4ubuntu0.3_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3885-2) openssh-client_7.6p1-4ubuntu0.3_amd64.deb | Linux |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2019-6111) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-326031 | WinSCP (5.21.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234