Debian Local Security Checks : Debian Security Advisory DSA 4387-1 (openssh

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.704387

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 4387-1 (openssh - security update)

Zusammenfassung: Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in;OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities;are in found in the scp client implementing the SCP protocol.;;CVE-2018-20685;Due to improper directory name validation, the scp client allows servers to;modify permissions of the target directory by using empty or dot directory;name.;;CVE-2019-6109;Due to missing character encoding in the progress display, the object name;can be used to manipulate the client output, for example to employ ANSI;codes to hide additional files being transferred.;;CVE-2019-6111;Due to scp client insufficient input validation in path names sent by;server, a malicious server can do arbitrary file overwrites in target;directory. If the recursive (-r) option is provided, the server can also;manipulate subdirectories as well.;;The check added in this version can lead to regression if the client and;the server have differences in wildcard expansion rules. If the server is;trusted for that purpose, the check can be disabled with a new -T option to;the scp client.

Beschreibung: Summary:
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in
OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities
are in found in the scp client implementing the SCP protocol.

CVE-2018-20685
Due to improper directory name validation, the scp client allows servers to
modify permissions of the target directory by using empty or dot directory
name.

CVE-2019-6109
Due to missing character encoding in the progress display, the object name
can be used to manipulate the client output, for example to employ ANSI
codes to hide additional files being transferred.

CVE-2019-6111
Due to scp client insufficient input validation in path names sent by
server, a malicious server can do arbitrary file overwrites in target
directory. If the recursive (-r) option is provided, the server can also
manipulate subdirectories as well.

The check added in this version can lead to regression if the client and
the server have differences in wildcard expansion rules. If the server is
trusted for that purpose, the check can be disabled with a new -T option to
the scp client.

Affected Software/OS:
openssh on Debian Linux

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 1:7.4p1-10+deb9u5.

We recommend that you upgrade your openssh packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-6109
Debian Security Information: DSA-4387 (Google Search)
https://www.debian.org/security/2019/dsa-4387
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
https://security.gentoo.org/glsa/201903-16
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html
RedHat Security Advisories: RHSA-2019:3702
https://access.redhat.com/errata/RHSA-2019:3702
SuSE Security Announcement: openSUSE-SU-2019:1602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html
https://usn.ubuntu.com/3885-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-6111
BugTraq ID: 106741
http://www.securityfocus.com/bid/106741
https://www.exploit-db.com/exploits/46193/
FreeBSD Security Advisory: FreeBSD-EN-19:10
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc
https://bugzilla.redhat.com/show_bug.cgi?id=1677794
https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23@%3Cdev.mina.apache.org%3E
https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b@%3Cdev.mina.apache.org%3E
https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f@%3Cdev.mina.apache.org%3E
https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a@%3Cdev.mina.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/18/1
https://usn.ubuntu.com/3885-2/

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.704387
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 4387-1 (openssh - security update)
Zusammenfassung:	Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in;OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities;are in found in the scp client implementing the SCP protocol.;;CVE-2018-20685;Due to improper directory name validation, the scp client allows servers to;modify permissions of the target directory by using empty or dot directory;name.;;CVE-2019-6109;Due to missing character encoding in the progress display, the object name;can be used to manipulate the client output, for example to employ ANSI;codes to hide additional files being transferred.;;CVE-2019-6111;Due to scp client insufficient input validation in path names sent by;server, a malicious server can do arbitrary file overwrites in target;directory. If the recursive (-r) option is provided, the server can also;manipulate subdirectories as well.;;The check added in this version can lead to regression if the client and;the server have differences in wildcard expansion rules. If the server is;trusted for that purpose, the check can be disabled with a new -T option to;the scp client.
Beschreibung:	Summary: Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol. CVE-2018-20685 Due to improper directory name validation, the scp client allows servers to modify permissions of the target directory by using empty or dot directory name. CVE-2019-6109 Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred. CVE-2019-6111 Due to scp client insufficient input validation in path names sent by server, a malicious server can do arbitrary file overwrites in target directory. If the recursive (-r) option is provided, the server can also manipulate subdirectories as well. The check added in this version can lead to regression if the client and the server have differences in wildcard expansion rules. If the server is trusted for that purpose, the check can be disabled with a new -T option to the scp client. Affected Software/OS: openssh on Debian Linux Solution: For the stable distribution (stretch), these problems have been fixed in version 1:7.4p1-10+deb9u5. We recommend that you upgrade your openssh packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-6109 Debian Security Information: DSA-4387 (Google Search) https://www.debian.org/security/2019/dsa-4387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ https://security.gentoo.org/glsa/201903-16 https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html RedHat Security Advisories: RHSA-2019:3702 https://access.redhat.com/errata/RHSA-2019:3702 SuSE Security Announcement: openSUSE-SU-2019:1602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html https://usn.ubuntu.com/3885-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6111 BugTraq ID: 106741 http://www.securityfocus.com/bid/106741 https://www.exploit-db.com/exploits/46193/ FreeBSD Security Advisory: FreeBSD-EN-19:10 https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc https://bugzilla.redhat.com/show_bug.cgi?id=1677794 https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a@%3Cdev.mina.apache.org%3E http://www.openwall.com/lists/oss-security/2019/04/18/1 https://usn.ubuntu.com/3885-2/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH