- Openssh 7.9 P1 Portable
Executive Summary
| Informations |
|---|
| Name | CVE-2019-6110 | First vendor Publication | 2019-01-31 |
| Vendor | Cve | Last vendor Modification | 2020-08-24 |
But the scan report includes a line 'customers are advised to upgrade to OpenSSH 8.4/8.4 P1. I'm on version 7.4 P1. If I executed yum update openssh it returns 'nothing to do'. An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshdconfig file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
|---|
| Overall CVSS Score | 6.8 |
| Base Score | 6.8 | Environmental Score | 6.8 |
| impact SubScore | 5.2 | Temporal Score | 6.8 |
| Exploitabality Sub Score | 1.6 |
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) |
|---|
| Cvss Base Score | 4 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores |
Detail
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6110 |
Sources (Detail)
| Source | Url |
|---|
| CONFIRM | https://security.netapp.com/advisory/ntap-20190213-0001/
|
| EXPLOIT-DB | https://www.exploit-db.com/exploits/46193/
|
| GENTOO | https://security.gentoo.org/glsa/201903-16
|
| MISC | https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
|
Alert History
If you want to see full details history, please login or register.
| Date | Informations |
|---|
| 2021-04-22 02:49:28 | |
| 2021-02-05 01:28:47 | |
| 2020-09-03 01:27:47 | |
| 2020-07-25 12:24:48 | |
| 2020-05-23 02:32:08 | |
| 2019-10-05 12:11:36 | |
| 2019-04-18 21:19:12 | |
| 2019-04-17 12:08:37 | |
| 2019-03-21 21:19:23 | |
| 2019-03-07 21:19:28 | |
| 2019-02-27 17:19:15 | |
| 2019-02-15 12:08:42 | |
| 2019-02-05 21:19:39 | |
| 2019-02-01 17:18:59 | |
| 2019-01-31 21:19:38 | |
Executive Summary
| Informations |
|---|
| Name | CVE-2019-6110 | First vendor Publication | 2019-01-31 |
| Vendor | Cve | Last vendor Modification | 2020-08-24 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
|---|
| Overall CVSS Score | 6.8 |
| Base Score | 6.8 | Environmental Score | 6.8 |
| impact SubScore | 5.2 | Temporal Score | 6.8 |
| Exploitabality Sub Score | 1.6 |
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) |
|---|
| Cvss Base Score | 4 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores |
Detail
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6110 |
Sources (Detail)
| Source | Url |
|---|
| CONFIRM | https://security.netapp.com/advisory/ntap-20190213-0001/
|
| EXPLOIT-DB | https://www.exploit-db.com/exploits/46193/
|
| GENTOO | https://security.gentoo.org/glsa/201903-16
|
| MISC | https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
|
Alert History
If you want to see full details history, please login or register.
Openssh 7.9 P1 Portable
| Date | Informations |
|---|
| 2021-04-22 02:49:28 | |
| 2021-02-05 01:28:47 | |
| 2020-09-03 01:27:47 | |
| 2020-07-25 12:24:48 | |
| 2020-05-23 02:32:08 | |
| 2019-10-05 12:11:36 | |
| 2019-04-18 21:19:12 | |
| 2019-04-17 12:08:37 | |
| 2019-03-21 21:19:23 | |
| 2019-03-07 21:19:28 | |
| 2019-02-27 17:19:15 | |
| 2019-02-15 12:08:42 | |
| 2019-02-05 21:19:39 | |
| 2019-02-01 17:18:59 | |
| 2019-01-31 21:19:38 | |