[MacPorts] #56216: openssh: update to 7.9p1
MacPorts
noreply at macports.org
Mon Jan 14 10:49:58 UTC 2019
#56216: openssh: update to 7.9p1
----------------------+--------------------
Reporter: l2dy | Owner: (none)
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: openssh |
----------------------+--------------------
Changes (by l2dy):
* keywords: security =>
Old description:
> https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
>
> Vulnerabilities
> ---------------
>
> 1. CWE-20: scp client improper directory name validation [CVE-2018-20685]
>
> The scp client allows server to modify permissions of the target
> directory by using empty
> ("D0777 0 \n") or dot ("D0777 0 .\n") directory name.
>
> 2. CWE-20: scp client missing received object name validation
> [CVE-2019-6111]
>
> Due to the scp implementation being derived from 1983 rcp [1], the server
> chooses which
> files/directories are sent to the client. However, scp client only
> perform cursory
> validation of the object name returned (only directory traversal attacks
> are prevented).
> A malicious scp server can overwrite arbitrary files in the scp client
> target directory.
> If recursive operation (-r) is performed, the server can manipulate
> subdirectories
> as well (for example overwrite .ssh/authorized_keys).
>
> The same vulnerability in WinSCP is known as CVE-2018-20684.
>
> 3. CWE-451: scp client spoofing via object name [CVE-2019-6109]
>
> Due to missing character encoding in the progress display, the object
> name can be used
> to manipulate the client output, for example to employ ANSI codes to hide
> additional
> files being transferred.
>
> 4. CWE-451: scp client spoofing via stderr [CVE-2019-6110]
>
> Due to accepting and displaying arbitrary stderr output from the scp
> server, a
> malicious server can manipulate the client output, for example to employ
> ANSI codes
> to hide additional files being transferred.
New description:
--
Comment:
Sorry, none of the vulnerabilities were fixed in OpenSSH 7.9.
--
Ticket URL: <https://trac.macports.org/ticket/56216#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list