[MacPorts] #56216: openssh: update to 7.9p1

MacPorts noreply at macports.org
Mon Jan 14 10:49:58 UTC 2019


#56216: openssh: update to 7.9p1
----------------------+--------------------
  Reporter:  l2dy     |      Owner:  (none)
      Type:  update   |     Status:  new
  Priority:  Normal   |  Milestone:
 Component:  ports    |    Version:
Resolution:           |   Keywords:
      Port:  openssh  |
----------------------+--------------------
Changes (by l2dy):

 * keywords:  security =>


Old description:

> https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
>
> Vulnerabilities
> ---------------
>
> 1. CWE-20: scp client improper directory name validation [CVE-2018-20685]
>
> The scp client allows server to modify permissions of the target
> directory by using empty
> ("D0777 0 \n") or dot ("D0777 0 .\n") directory name.
>

> 2. CWE-20: scp client missing received object name validation
> [CVE-2019-6111]
>
> Due to the scp implementation being derived from 1983 rcp [1], the server
> chooses which
> files/directories are sent to the client. However, scp client only
> perform cursory
> validation of the object name returned (only directory traversal attacks
> are prevented).
> A malicious scp server can overwrite arbitrary files in the scp client
> target directory.
> If recursive operation (-r) is performed, the server can manipulate
> subdirectories
> as well (for example overwrite .ssh/authorized_keys).
>
> The same vulnerability in WinSCP is known as CVE-2018-20684.
>

> 3. CWE-451: scp client spoofing via object name [CVE-2019-6109]
>
> Due to missing character encoding in the progress display, the object
> name can be used
> to manipulate the client output, for example to employ ANSI codes to hide
> additional
> files being transferred.
>

> 4. CWE-451: scp client spoofing via stderr [CVE-2019-6110]
>
> Due to accepting and displaying arbitrary stderr output from the scp
> server, a
> malicious server can manipulate the client output, for example to employ
> ANSI codes
> to hide additional files being transferred.

New description:



--

Comment:

 Sorry, none of the vulnerabilities were fixed in OpenSSH 7.9.

-- 
Ticket URL: <https://trac.macports.org/ticket/56216#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS


More information about the macports-tickets mailing list