An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html

access.redhat.com/errata/RHSA-2019:3702

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c

cvsweb.openbsd.org/src/usr.bin/ssh/scp.c

lists.debian.org/debian-lts-announce/2019/03/msg00030.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/

security.gentoo.org/glsa/201903-16

security.netapp.com/advisory/ntap-20190213-0001/

sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

usn.ubuntu.com/3885-1/

www.debian.org/security/2019/dsa-4387

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

nessus 39

debiancve 1

prion 1

symantec 2

cve 1

ubuntucve 1

osv 3

f5 2

attackerkb 1

redhatcve 1

nvd 1

alpinelinux 1

broadcom 1

veracode 1

openvas 26

suse 4

fedora 1

cloudlinux 1

altlinux 1

mageia 1

ibm 4

debian 2

oraclelinux 1

cloudfoundry 1

amazon 2

archlinux 1

ubuntu 1

redhat 1

gentoo 1

thn 1

aix 1

photon 6

rosalinux 1

kitploit 1

ics 2

oracle 1

nessus

F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)

2022-11-08 00:00:00

Siemens SCALANCE X-200RNA Switch Devices Improper Encoding or Escaping of Output (CVE-2019-6109)

2023-02-23 00:00:00

SUSE SLES12 Security Update : openssh (SUSE-SU-2019:0941-1)

2019-04-15 00:00:00

debiancve

CVE-2019-6109

2019-01-31 18:29:00

prion

Design/Logic Flaw

2019-01-31 18:29:00

symantec

OpenSSH CVE-2019-6109 Man in the Middle Security Bypass Vulnerability

2019-01-11 00:00:00

OpenSSH Vulnerabilities Jan-Oct 2019

2020-04-21 20:41:25

cve

CVE-2019-6109

2019-01-31 18:29:00

ubuntucve

CVE-2019-6109

2019-01-14 00:00:00

osv

CVE-2019-6109

2019-01-31 18:29:00

openssh - security update

2019-03-25 00:00:00

openssh - security update

2019-02-09 00:00:00

K12252011 : OpenSSH vulnerability CVE-2019-6109

2019-01-17 00:00:00

K31781390 : January 2019 OpenSSH security vulnerabilities

2019-01-17 00:00:00

attackerkb

CVE-2019-6109

2019-01-31 00:00:00

redhatcve

CVE-2019-6109

2019-01-15 00:51:33

nvd

CVE-2019-6109

2019-01-31 18:29:00

alpinelinux

CVE-2019-6109

2019-01-31 18:29:00

broadcom

Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

2024-04-16 00:00:00

veracode

Phishing Attack

2019-11-06 00:21:13

openvas

SUSE: Security Advisory (SUSE-SU-2019:0941-1)

2021-04-19 00:00:00

PuTTY SCP Multiple Spoofing Vulnerabilities - Windows

2019-01-17 00:00:00

openSUSE: Security Advisory for openssh (openSUSE-SU-2019:1602-1)

2019-06-25 00:00:00

suse

Security update for openssh (moderate)

2019-06-24 00:00:00

Security update for openssh (moderate)

2019-03-08 00:00:00

Security update for openssh (important)

2019-01-28 00:00:00

fedora

[SECURITY] Fedora 30 Update: openssh-8.0p1-1.fc30

2019-05-04 00:17:35

cloudlinux

openssh: Fix of 2 CVEs

2022-12-19 20:22:19

altlinux

Security fix for the ALT Linux 10 package openssh version 7.9p1-alt4.p10.1

2022-03-23 00:00:00

mageia

Updated openssh packages fix security vulnerabilities

2019-05-12 12:35:33

ibm

Security Bulletin: IBM i is affected by CVE-2018-20685, CVE-2019-6111, and CVE-2019-6109 vulnerabilities in OpenSSH.

2019-12-18 14:26:38

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

2020-11-18 10:45:11

Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111)

2019-07-16 15:45:01

debian

[SECURITY] [DLA 1728-1] openssh security update

2019-03-25 13:46:48

[SECURITY] [DSA 4387-1] openssh security update

2019-02-09 13:29:00

oraclelinux

openssh security, bug fix, and enhancement update

2019-11-14 00:00:00

cloudfoundry

USN-3885-1: OpenSSH vulnerabilities | Cloud Foundry

2019-02-15 00:00:00

amazon

Medium: openssh

2019-10-28 17:02:00

Medium: openssh

2019-05-29 19:02:00

archlinux

[ASA-201904-11] openssh: multiple issues

2019-04-24 00:00:00

ubuntu

OpenSSH vulnerabilities

2019-02-07 00:00:00

redhat

(RHSA-2019:3702) Moderate: openssh security, bug fix, and enhancement update

2019-11-05 20:52:47

gentoo

OpenSSH: Multiple vulnerabilities

2019-03-20 00:00:00

thn

36-Year-Old SCP Clients' Implementation Flaws Discovered

2019-01-15 12:32:00

aix

Vulnerabilities in OpenSSH affect AIX.

2019-07-16 09:38:57

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0159

2019-05-10 00:00:00

Critical Photon OS Security Update - PHSA-2019-0014

2019-05-11 00:00:00

Critical Photon OS Security Update - PHSA-2019-0159

2019-05-10 00:00:00

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVELIST:CVE-2019-6109