PT-2019-1440 · Openssh+6

Mark E. Haase · Published 2018-11-06 · Updated 2026-05-19 · CVE-2019-6111

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: OpenSSH version 7.9

Description: The issue is related to the scp client in OpenSSH, which allows a malicious server to bypass intended access restrictions. This can be achieved by manipulating the filename, such as using "." or an empty filename, allowing the server to overwrite arbitrary files in the client's target directory. If a recursive operation is performed, the server can also manipulate subdirectories. For example, it can overwrite the .ssh/authorized_keys file.

Recommendations: For OpenSSH version 7.9, consider disabling the scp client until a patch is available, or restrict access to the vulnerable scp.c file to minimize the risk of exploitation. As a temporary workaround, avoid using the recursive operation (-r) to prevent the server from manipulating subdirectories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2598
ALT-PU-2022-1557
ALT-PU-2022-1569
ALT-PU-2024-12010
ALT-PU-2024-12012
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2019-00830
BDU:2019-03788
CESA-2019_3702
CVE-2019-6111
DLA-1728-1
DSA-4387-1
DSA-4387-2
MGASA-2019-0156
OPENSUSE-SU-2019:0091-1
OPENSUSE-SU-2019:0307-1
OPENSUSE-SU-2019_0091-1
OPENSUSE-SU-2019_0093-1
OPENSUSE-SU-2019_0307-1
OPENSUSE-SU-2019_1602-1
OPENSUSE-SU-2024:11124-1
PAN-SA-2020-0002
RHSA-2019:3702
RHSA-2019_3702
ROSA-SA-2025-2551
SUSE-SU-2019:0125-1
SUSE-SU-2019:0125-2
SUSE-SU-2019:0126-1
SUSE-SU-2019:0132-1
SUSE-SU-2019:0496-1
SUSE-SU-2019:0941-1
SUSE-SU-2019:13931-1
SUSE-SU-2019:14016-1
SUSE-SU-2019:14030-1
SUSE-SU-2019:1524-1
SUSE-SU-2019_14030-1
USN-3885-1
USN-3885-2

Affected Products

Alt Linux
Centos
Ibm Aix
Openssh
Red Hat
Suse
Ubuntu