CVE-2019-6109
EUVD-2019-1567631.01.2019, 18:29
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 𝑥 ≤ 7.9 |
| winscp | winscp | 𝑥 ≤ 5.13 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | element_software | - |
| netapp | ontap_select_deploy | - |
| netapp | storage_automation_store | - |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
| siemens | scalance_x204rna_firmware | 𝑥 < 3.2.7 |
| siemens | scalance_x204rna_eec_firmware | 𝑥 < 3.2.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssh |
| ||||||||||||||||||||||||||||||
| openssh-ssh1 |
|
References