Vulnerability & Exploit Database

Displaying all 5 entries

Results for: CVE-2019-6111 Back to search

OpenSSH Vulnerability: CVE-2019-6111 Vulnerability

  • Severity: 6
  • Published: January 31, 2019

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-...

Ubuntu: USN-3885-1 (CVE-2019-6111): OpenSSH vulnerabilities Vulnerability

  • Severity: 6
  • Published: January 18, 2019

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-...

SUSE: CVE-2019-6111: SUSE Linux Security Advisory Vulnerability

  • Severity: 6
  • Published: January 18, 2019

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2019-6111:

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which f...

Debian: CVE-2019-6111: openssh -- security update Vulnerability

  • Severity: 6
  • Published: January 18, 2019

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-...

F5 Networks: K21350967 (CVE-2019-6111): OpenSSH vulnerability CVE-2019-6111 Vulnerability

  • Severity: 6
  • Published: January 17, 2019

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-...