F5F5:K21350967

HistoryJan 17, 2019 - 12:00 a.m.

K21350967 : OpenSSH vulnerability CVE-2019-6111

Vulners
F5
K21350967 : OpenSSH vulnerability CVE-2019-6111

2019-01-1700:00:00

my.f5.com

1111

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

Security Advisory Description

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). (CVE-2019-6111)

Impact

Improper validation of object names allows a malicious server to overwrite files through the OpenSSH SCP client.

CPENameOperatorVersion
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0

Name	Operator	Version
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0

Rows per page:

1-10 of 4611

nvd 4

ubuntu 2

veracode 1

prion 3

alpinelinux 1

osv 5

debian 3

cve 4

nessus 41

debiancve 2

redhatcve 2

cloudfoundry 2

ubuntucve 3

openvas 28

cvelist 4

attackerkb 1

zdt 2

fedora 1

suse 4

mageia 3

altlinux 1

exploitpack 2

packetstorm 1

amazon 4

ibm 4

oraclelinux 1

archlinux 1

redhat 1

exploitdb 2

gentoo 1

f5 1

thn 1

symantec 1

aix 1

photon 6

rosalinux 1

kitploit 1

ics 2

oracle 1

nvd

CVE-2019-6111

2019-01-31 18:29:00

CVE-2019-7283

2019-01-31 18:29:00

CVE-2023-35812

2024-04-03 17:15:47

ubuntu

OpenSSH vulnerability

2019-03-04 00:00:00

OpenSSH vulnerabilities

2019-02-07 00:00:00

veracode

Arbitrary File Overwrite

2019-11-06 00:21:13

prion

Directory traversal

2019-01-31 18:29:00

Input validation

2019-01-31 18:29:00

Directory traversal

2021-02-02 18:15:00

alpinelinux

CVE-2019-6111

2019-01-31 18:29:00

osv

openssh - security update

2019-03-02 00:00:00

CVE-2019-6111

2019-01-31 18:29:00

CVE-2019-25017

2021-02-02 18:15:10

debian

[SECURITY] [DSA 4387-2] openssh security update

2019-03-02 13:12:36

[SECURITY] [DLA 1728-1] openssh security update

2019-03-25 13:46:48

[SECURITY] [DSA 4387-1] openssh security update

2019-02-09 13:29:00

cve

CVE-2019-6111

2019-01-31 18:29:00

CVE-2019-7283

2019-01-31 18:29:00

CVE-2023-35812

2024-04-03 17:15:47

nessus

Siemens SCALANCE X-200RNA Switch Devices Path Traversal (CVE-2019-6111)

2023-03-24 00:00:00

F5 Networks BIG-IP : OpenSSH vulnerability (K21350967)

2022-11-08 00:00:00

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSH vulnerability (USN-3885-2)

2019-03-05 00:00:00

debiancve

CVE-2019-6111

2019-01-31 18:29:00

CVE-2019-7283

2019-01-31 18:29:00

redhatcve

CVE-2019-6111

2019-01-15 00:50:26

CVE-2019-25017

2021-02-10 17:35:41

cloudfoundry

USN-3885-2: OpenSSH vulnerability | Cloud Foundry

2019-04-25 00:00:00

USN-3885-1: OpenSSH vulnerabilities | Cloud Foundry

2019-02-15 00:00:00

ubuntucve

CVE-2019-6111

2019-01-14 00:00:00

CVE-2019-7283

2019-01-31 00:00:00

CVE-2019-25017

2021-02-02 00:00:00

openvas

Ubuntu: Security Advisory (USN-3885-2)

2019-03-05 00:00:00

SUSE: Security Advisory (SUSE-SU-2019:0941-1)

2021-04-19 00:00:00

openSUSE: Security Advisory for openssh (openSUSE-SU-2019:1602-1)

2019-06-25 00:00:00

cvelist

CVE-2019-6111

2019-01-31 00:00:00

CVE-2023-35812

2024-04-03 00:00:00

CVE-2019-7283

2019-01-31 18:00:00

attackerkb

CVE-2019-6111

2019-01-31 00:00:00

zdt

OpenSSH SCP Client - Write Arbitrary Files Exploit

2019-03-08 00:00:00

OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit

2019-01-20 00:00:00

fedora

[SECURITY] Fedora 30 Update: openssh-8.0p1-1.fc30

2019-05-04 00:17:35

suse

Security update for openssh (moderate)

2019-03-08 00:00:00

Security update for openssh (moderate)

2019-06-24 00:00:00

Security update for openssh (important)

2019-01-28 00:00:00

mageia

Updated openssh packages fix security vulnerabilities

2019-05-12 12:35:33

Updated rsh packages fix security vulnerability

2021-11-25 16:06:13

Updated krb5-appl packages fix security vulnerabilities

2021-04-24 01:53:14

altlinux

Security fix for the ALT Linux 10 package openssh version 7.9p1-alt4.p10.1

2022-03-23 00:00:00

exploitpack

OpenSSH SCP Client - Write Arbitrary Files

2019-01-11 00:00:00

SCP Client - Multiple Vulnerabilities (SSHtranger Things)

2019-01-18 00:00:00

packetstorm

SSHtranger Things SCP Client File Issue

2019-01-18 00:00:00

amazon

Medium: openssh

2023-08-03 18:29:00

Medium: openssh

2023-08-03 20:16:00

Medium: openssh

2019-10-28 17:02:00

ibm

Security Bulletin: IBM i is affected by CVE-2018-20685, CVE-2019-6111, and CVE-2019-6109 vulnerabilities in OpenSSH.

2019-12-18 14:26:38

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

2020-11-18 10:45:11

Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111)

2019-07-16 15:45:01

oraclelinux

openssh security, bug fix, and enhancement update

2019-11-14 00:00:00

archlinux

[ASA-201904-11] openssh: multiple issues

2019-04-24 00:00:00

redhat

(RHSA-2019:3702) Moderate: openssh security, bug fix, and enhancement update

2019-11-05 20:52:47

exploitdb

SCP Client - Multiple Vulnerabilities (SSHtranger Things)

2019-01-18 00:00:00

OpenSSH SCP Client - Write Arbitrary Files

2019-01-11 00:00:00

gentoo

OpenSSH: Multiple vulnerabilities

2019-03-20 00:00:00

K31781390 : January 2019 OpenSSH security vulnerabilities

2019-01-17 00:00:00

thn

36-Year-Old SCP Clients' Implementation Flaws Discovered

2019-01-15 12:32:00

symantec

OpenSSH Vulnerabilities Jan-Oct 2019

2020-04-21 20:41:25

aix

Vulnerabilities in OpenSSH affect AIX.

2019-07-16 09:38:57

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0159

2019-05-10 00:00:00

Critical Photon OS Security Update - PHSA-2019-0014

2019-05-11 00:00:00

Critical Photon OS Security Update - PHSA-2019-3.0-0014

2019-05-11 00:00:00

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc