An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apache
  • Mina Sshd
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Freebsd
  • Freebsd
Fujitsu
  • M10-1
  • M10-1 Firmware
  • M10-4
  • M10-4 Firmware
  • M10-4s
  • M10-4s Firmware
  • M12-1
  • M12-1 Firmware
  • M12-2
  • M12-2 Firmware
  • M12-2s
  • M12-2s Firmware
Openbsd
  • Openssh
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
Siemens
  • Scalance X204rna
  • Scalance X204rna Eec
  • Scalance X204rna Eec Firmware
  • Scalance X204rna Firmware
Winscp
  • Winscp

Configuration 1 [-]

OR cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
openssh-0:8.0p1-3.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:3702 2019-11-05T00:00:00Z
openssh-0:8.0p1-3.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2019:3702 2019-11-05T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/04/18/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/08/02/1 cve-icon cve-icon
http://www.securityfocus.com/bid/106741 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3702 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1677794 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf cve-icon cve-icon
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c cve-icon cve-icon
https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-6111 cve-icon
https://security.gentoo.org/glsa/201903-16 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190213-0001/ cve-icon cve-icon
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt cve-icon cve-icon cve-icon
https://usn.ubuntu.com/3885-1/ cve-icon cve-icon
https://usn.ubuntu.com/3885-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-6111 cve-icon
https://www.debian.org/security/2019/dsa-4387 cve-icon cve-icon
https://www.exploit-db.com/exploits/46193/ cve-icon cve-icon
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-31T00:00:00

Updated: 2024-08-04T20:16:23.623Z

Reserved: 2019-01-10T00:00:00

Link: CVE-2019-6111

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-31T18:29:00.867

Modified: 2023-11-07T03:13:05.610

Link: CVE-2019-6111

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-16T00:00:00Z

Links: CVE-2019-6111 - Bugzilla