Date: Tue, 15 Jan 2019 09:37:37 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 234965] openssh, scp vulnerability CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110 Message-ID: <bug-234965-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234965 Bug ID: 234965 Summary: openssh, scp vulnerability CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110 Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Keywords: security Severity: Affects Many People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: bobf@mrp3.com according to this article: https://www.theregister.co.uk/2019/01/15/scp_vulnerability/ OpenSSH 7.9 and earlier contain a set of vulnerabilities that date back to 1983. These are: CVE-2018-20685 - server can alter directory permissions on the client CVE-2019-6111 - server can send arbitrary files not requested by the clien= t, even overwriting files in the client's file system. CVE-2019-6109, CVE-2019-6110 - server can alter the object name or output display on the ssh client to hide files being copied There is apparently a patch available, linked to from the article mentioned above, which appears to apply to -CURRENT from a few days ago. I have not attempted to build the source. however, the patch is available here: https://sintonen.fi/advisories/scp-name-validator.patch Since I have only verified that the code in the FreeBSD crypto/openssh tree does not appear to have been patched for these vulnerabilities, I can not f= or certain say that they exist; however, it is extremely likely and needs to be brought to the attention of the appropriate people. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234965-227>