PT-2019-1441 · OpenSSH+4

Published: 2018-11-06 · Updated: 2025-12-18 · CVE-2019-6110

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: OpenSSH version 7.9

Description: The issue allows a malicious server or man-in-the-middle attacker to manipulate the client output, for example by using ANSI control codes to hide additional files being transferred. The cause is that the client accepts and displays arbitrary stderr output from the server. The vulnerability is related to insufficient access control in the implementation of the scp utility for remote file copying, which can allow a remote attacker to hide the name of the file being transferred.

Recommendations: For OpenSSH version 7.9, consider restricting access to the scp client, or as a temporary workaround disabling its use for remote file copying, until a patch is available. Be cautious of files transferred from untrusted sources to minimize the risk of exploitation.
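
The description above turns on server-supplied stderr reaching the terminal unmodified. As an added example (not OpenSSH code and not part of the original entry), this Python filter shows control codes as visible text instead of letting the terminal interpret them; the function names and the sample bytes are constructed for illustration, and it assumes the client's stderr is piped through the filter.

```python
import re
import sys

# ANSI CSI sequence: ESC [ parameters intermediates final-byte.
CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
# C0/C1 control characters and DEL. Tab and newline are allowed through;
# carriage return and backspace are not, since both can overwrite shown text.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def decode_untrusted(data: bytes) -> str:
    """Decode server bytes; invalid UTF-8 becomes visible \\xNN text."""
    return data.decode("utf-8", errors="backslashreplace")


def find_control_sequences(data: bytes) -> list[str]:
    """List the CSI sequences and stray control characters in the data."""
    text = decode_untrusted(data)
    return CSI.findall(text) + CONTROL.findall(CSI.sub("", text))


def neutralize(data: bytes) -> str:
    """Return text in which every control character is printed as \\xNN."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()),
                       decode_untrusted(data))


# Constructed sample: a stderr message followed by cursor-up and erase-line
# codes, which would overwrite the line a terminal had just displayed.
SAMPLE_STDERR = b"scp: warning: slow link\n\x1b[1A\x1b[2Kdownload complete\n"

if __name__ == "__main__":
    # Filter mode: read untrusted stderr on stdin, write the safe form.
    for raw in sys.stdin.buffer:
        if find_control_sequences(raw):
            sys.stderr.write("[control codes in server output]\n")
        sys.stderr.write(neutralize(raw))
```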

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2598
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2019-00831
CVE-2019-6110
ECHO-701C-0998-5CEF
OPENSUSE-SU-2019:0091-1
OPENSUSE-SU-2019_0091-1
OPENSUSE-SU-2019_0093-1
OPENSUSE-SU-2024:11124-1
SUSE-SU-2019:0125-1
SUSE-SU-2019:0125-2
SUSE-SU-2019:0126-1
SUSE-SU-2019:0132-1
SUSE-SU-2019:13931-1

Affected Products

ALT Linux
Debian
IBM AIX
OpenSSH
SUSE