[MacPorts] #56216: openssh: update to 7.9p1 (was: openssh: update to 7.7p1)
MacPorts
noreply at macports.org
Mon Jan 14 10:48:14 UTC 2019
#56216: openssh: update to 7.9p1
----------------------+----------------------
Reporter: l2dy | Owner: (none)
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords: security
Port: openssh |
----------------------+----------------------
Changes (by l2dy):
* keywords: => security
Old description:
New description:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Vulnerabilities
---------------
1. CWE-20: scp client improper directory name validation [CVE-2018-20685]
The scp client allows the server to modify permissions of the target directory
by using an empty ("D0777 0 \n") or dot ("D0777 0 .\n") directory name.
2. CWE-20: scp client missing received object name validation [CVE-2019-6111]
Due to the scp implementation being derived from 1983 rcp [1], the server
chooses which files/directories are sent to the client. However, the scp client
only performs cursory validation of the object name returned (only directory
traversal attacks are prevented). A malicious scp server can overwrite
arbitrary files in the scp client target directory. If recursive operation
(-r) is performed, the server can manipulate subdirectories as well (for
example overwrite .ssh/authorized_keys).
The same vulnerability in WinSCP is known as CVE-2018-20684.
3. CWE-451: scp client spoofing via object name [CVE-2019-6109]
Due to missing character encoding in the progress display, the object name can
be used to manipulate the client output, for example to employ ANSI codes to
hide additional files being transferred.
4. CWE-451: scp client spoofing via stderr [CVE-2019-6110]
Due to accepting and displaying arbitrary stderr output from the scp server, a
malicious server can manipulate the client output, for example to employ ANSI
codes to hide additional files being transferred.
--
Ticket URL: <https://trac.macports.org/ticket/56216#comment:4>
MacPorts <https://www.macports.org/>
Ports system for macOS
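Added example (not part of the ticket, the advisory, or OpenSSH's own code): a small parser for the classic rcp/scp wire records ("Dmode size name\n", "Cmode size name\n") that applies the checks the four items above call for. It rejects the empty and dot directory names of item 1, rejects names containing '/' and, as an illustrative extra check that is an assumption of this example rather than a description of OpenSSH's fix, requires the received name to match the file the client requested (item 2), and replaces non-printable bytes such as ESC before anything from the server is shown on the terminal (items 3 and 4). The sample records are constructed for the example.

```c
/* Constructed example of validating scp protocol records received from a
 * (possibly malicious) server. This is not OpenSSH code. Record format:
 * "Dmode size name\n" (directory), "Cmode size name\n" (file), "E\n". */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Reject object names a server must never be able to send in a D or C
 * record: empty, "." or "..", or anything containing '/' (traversal).
 * Returns 1 if the name is acceptable, 0 otherwise. */
int scp_name_ok(const char *name)
{
    if (name == NULL || name[0] == '\0') return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    if (strchr(name, '/') != NULL) return 0;
    return 1;
}

/* For a non-glob request, check that the server returned exactly the
 * basename the client asked for, not some other file such as
 * authorized_keys. Hypothetical check for this example only. */
int scp_name_matches_request(const char *requested, const char *received)
{
    const char *base = strrchr(requested, '/');
    base = base ? base + 1 : requested;
    return strcmp(base, received) == 0;
}

/* Copy src into dst (capacity dstlen), replacing every non-printable byte
 * (including ESC, 0x1b) with '?', so ANSI sequences smuggled in object
 * names or in the server's stderr cannot rewrite the terminal display.
 * Returns the number of bytes replaced, or -1 if dstlen is 0. */
int scp_sanitize_for_display(const char *src, char *dst, size_t dstlen)
{
    size_t i;
    int replaced = 0;
    if (dstlen == 0) return -1;
    for (i = 0; src[i] != '\0' && i < dstlen - 1; i++) {
        unsigned char c = (unsigned char)src[i];
        if (isprint(c)) {
            dst[i] = (char)c;
        } else {
            dst[i] = '?';
            replaced++;
        }
    }
    dst[i] = '\0';
    return replaced;
}

/* Parse one D or C record. Fills in type ('D' or 'C'), the octal mode, the
 * size and the name. Returns 1 only for a well-formed record whose name
 * passes scp_name_ok(), 0 otherwise. */
int scp_parse_record(const char *line, char *type, unsigned *mode,
                     unsigned long long *size, char *name, size_t namelen)
{
    const char *p;
    size_t len;
    if (line[0] != 'C' && line[0] != 'D') return 0;
    *type = line[0];
    if (sscanf(line + 1, "%o %llu", mode, size) != 2) return 0;
    /* the name is everything after the second space, up to the newline */
    p = strchr(line + 1, ' ');
    if (p == NULL) return 0;
    p = strchr(p + 1, ' ');
    if (p == NULL) return 0;
    p++;
    len = strcspn(p, "\n");
    if (len >= namelen) return 0;
    memcpy(name, p, len);
    name[len] = '\0';
    return scp_name_ok(name);
}

int main(void)
{
    /* constructed records a hostile server might send */
    const char *records[] = {
        "D0777 0 .\n",                       /* item 1: dot directory   */
        "D0777 0 \n",                        /* item 1: empty directory */
        "C0644 12 ../.ssh/authorized_keys\n",/* item 2: traversal       */
        "C0644 12 \x1b[2Khidden.txt\n",      /* item 3: ANSI in name    */
        "C0644 12 notes.txt\n",              /* benign                  */
    };
    char type, name[256], shown[256];
    unsigned mode;
    unsigned long long size;
    for (size_t i = 0; i < sizeof records / sizeof records[0]; i++) {
        int ok = scp_parse_record(records[i], &type, &mode, &size, name, sizeof name);
        scp_sanitize_for_display(ok ? name : records[i], shown, sizeof shown);
        printf("%-8s %s\n", ok ? "accept" : "reject", shown);
    }
    return 0;
}
```

The last record would still need scp_name_matches_request() against what the client actually asked for; a glob request ("*.txt") needs a pattern match instead, which this example does not implement.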