Описание
Security update for openssh
This update for openssh fixes the following issues:
Security issue fixed:
- CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571)
- CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816)
- CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818)
- CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821)
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
Ссылки
- Link for SUSE-SU-2019:0125-1
- E-Mail link for SUSE-SU-2019:0125-1
- SUSE Security Ratings
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
- SUSE CVE CVE-2018-20685 page
- SUSE CVE CVE-2019-6109 page
- SUSE CVE CVE-2019-6110 page
- SUSE CVE CVE-2019-6111 page
Описание
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Затронутые продукты
Ссылки
- CVE-2018-20685
- SUSE Bug 1121571
- SUSE Bug 1123220
- SUSE Bug 1131109
- SUSE Bug 1134932
Описание
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Затронутые продукты
Ссылки
- CVE-2019-6109
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
- SUSE Bug 1138392
- SUSE Bug 1144902
- SUSE Bug 1144903
- SUSE Bug 1148884
Описание
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Затронутые продукты
Ссылки
- CVE-2019-6110
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
Описание
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Затронутые продукты
Ссылки
- CVE-2019-6111
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
- SUSE Bug 1123028
- SUSE Bug 1123220
- SUSE Bug 1131109
- SUSE Bug 1138392
- SUSE Bug 1144902
- SUSE Bug 1144903
- SUSE Bug 1148884
- SUSE Bug 1201840