Main Vulnerability Database SB2019062408

SB2019062408 - OpenSUSE Linux update for openssh

Published: June 24, 2019 Updated: June 27, 2019

Security Bulletin ID SB2019062408

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Spoofing attack (CVE-ID: CVE-2019-6109)

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to accepting and displaying arbitrary stderr output from the scp server by the scp client. A malicious SCP server can use the object name to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

2) Security restrictions bypass (CVE-ID: CVE-2019-6111)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to missing received object name validation by the scp client. A malicious SCP server can overwrite arbitrary files in the SCP client target directory. If a recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html