Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2019-6111

Public on 2019-01-31
Modified on 2023-05-17
Description

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Severity
Medium
See what this means
CVSS v3 Base Score
5.9
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 openssh 2019-10-28 17:02 ALAS-2019-1313
Amazon Linux 2 - Core openssh 2019-05-29 19:02 ALAS2-2019-1216

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
NVD CVSSv2 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P
NVD CVSSv3 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N