Description
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Release | Status | Note |
---|---|---|
bionic | released | 1:7.6p1-4ubuntu0.2 |
cosmic | released | 1:7.7p1-4ubuntu0.2 |
devel | released | 1:7.9p1-6 |
disco | released | 1:7.9p1-6 |
eoan | released | 1:7.9p1-6 |
esm-infra-legacy/trusty | not-affected | 1:6.6p1-2ubuntu2.12 |
esm-infra/bionic | not-affected | 1:7.6p1-4ubuntu0.2 |
esm-infra/focal | not-affected | 1:7.9p1-6 |
esm-infra/xenial | not-affected | 1:7.2p2-4ubuntu2.7 |
fips-preview/jammy | released | 1:7.9p1-6 |
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needs-triage |
cosmic | ignored | end of life |
devel | ignored | |
disco | ignored | end of life |
eoan | ignored | end of life |
esm-apps/bionic | ignored | |
esm-apps/focal | ignored | |
esm-apps/jammy | ignored | |
esm-apps/noble | ignored | |
esm-infra-legacy/trusty | DNE | |
EPSS
4 Medium
CVSS2
6.8 Medium
CVSS3
Related vulnerabilities
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
An issue was discovered in OpenSSH 7.9. Due to missing character encod ...
Vulnerability in the refresh_progress_meter() function (progressmeter.c) of the OpenSSH cryptographic protection tool, allowing an attacker to disclose protected information or execute arbitrary code