CVE-2019-6110

2019-01-1500:50:59

redhat.com

access.redhat.com

0.004 Low

EPSS

Percentile

74.4%

JSON

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Mitigation

This issue only affects the users of scp binary which is a part of openssh-clients package. Other usage of SSH protocol or other ssh clients is not affected. Administrators can uninstall openssh-clients for additional protection against accidental usage of this binary. Removing the openssh-clients package will make binaries like scp and ssh etc unavailable on that system.

Note: To exploit this flaw, the victim needs to connect to a malicious SSH server or MITM (Man-in-the-middle) the scp connection, both of which can be detected by the system administrator via a change in the host key of the SSH server. Further, if connections via scp are made to only trusted SSH servers, then those use-cases are not vulnerable to this security flaw.

References

bugzilla.redhat.com/show_bug.cgi?id=1666124

www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt