CVE-2019-6111

MEDIUM5.9EPSS 54.2%

openssh - security update

Published: 1/31/2019Modified: 12/3/2025

Also known as:ALPINE-CVE-2019-6111DEBIAN-CVE-2019-6111

Description

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Affected packages (3)

Alpine/opensshfrom 0, < 7.9_p1-r3
Debian/opensshfrom 0, < 1:7.9p1-9
Debian/opensshfrom 0, < 1:7.4p1-10+deb9u6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-6111
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-6111