1121816 – (CVE-2019-6109) VUL-0: CVE-2019-6109: openssh-openssl1,openssh,putty: scp client spoofing via object name

Bug 1121816 (CVE-2019-6109) - VUL-0: CVE-2019-6109: openssh-openssl1,openssh,putty: scp client spoofing via object name

Summary: VUL-0: CVE-2019-6109: openssh-openssl1,openssh,putty: scp client spoofing via...

Status:	RESOLVED FIXED

Alias:	CVE-2019-6109

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2019-04-08
Assignee:	Hans Petter Jansson
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/222748/
Whiteboard:	CVSSv3:SUSE:CVE-2019-6109:4.6:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-01-14 10:36 UTC by Karol Babioch
Modified:	2024-04-16 07:26 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2019-01-14 10:36:03 UTC

3. CWE-451: scp client spoofing via object name [CVE-2019-6109]

Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6109
http://seclists.org/oss-sec/2019/q1/63
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
https://sintonen.fi/advisories/scp-name-validator.patch

Comment 1 Andreas Stieger 2019-01-16 16:10:54 UTC

on openSUSE: also putty(pscp).

Comment 6 Swamp Workflow Management 2019-01-18 17:12:18 UTC

SUSE-SU-2019:0125-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssh-6.6p1-54.26.1, openssh-askpass-gnome-6.6p1-54.26.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.26.1, openssh-askpass-gnome-6.6p1-54.26.1

Comment 7 Swamp Workflow Management 2019-01-18 17:15:27 UTC

SUSE-SU-2019:0126-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    openssh-7.6p1-9.13.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    openssh-7.6p1-9.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    openssh-askpass-gnome-7.6p1-9.13.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    openssh-7.6p1-9.13.1

Comment 8 Swamp Workflow Management 2019-01-18 20:10:05 UTC

SUSE-SU-2019:13931-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-36.12.1, openssh-askpass-gnome-6.6p1-36.12.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-36.12.1, openssh-askpass-gnome-6.6p1-36.12.1

Comment 9 Swamp Workflow Management 2019-01-21 14:12:46 UTC

SUSE-SU-2019:0132-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE OpenStack Cloud 7 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP4 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP3 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE Enterprise Storage 4 (src):    openssh-7.2p2-74.35.1, openssh-askpass-gnome-7.2p2-74.35.1
SUSE CaaS Platform ALL (src):    openssh-7.2p2-74.35.1
SUSE CaaS Platform 3.0 (src):    openssh-7.2p2-74.35.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.35.1

Comment 11 Swamp Workflow Management 2019-01-28 14:09:25 UTC

openSUSE-SU-2019:0091-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
openSUSE Leap 15.0 (src):    openssh-7.6p1-lp150.8.9.1, openssh-askpass-gnome-7.6p1-lp150.8.9.1

Comment 12 Swamp Workflow Management 2019-01-29 14:13:37 UTC

openSUSE-SU-2019:0093-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
openSUSE Leap 42.3 (src):    openssh-7.2p2-29.1, openssh-askpass-gnome-7.2p2-29.1

Comment 14 Vítězslav Čížek 2019-02-05 16:49:18 UTC

We reverted the fixes for the recent scp issues (CVE-2019-6109, CVE-2019-6110, CVE-2019-6111) due to the reported regression (bug 1123028) causing a change of scp's behavior.

None of the patches came from upstream and there could be more incompatibilities lurking.

A patch should hopefully appear in the next openssh release.

Upstream assessment (https://lists.gt.net/openssh/dev/73013#73013) of CVE-2019-6109:

"We consider the last bug, relating to filename printing to be a
usability problem. The reporters' patch is incorrect though, we had
developed a similar one at https://bugzilla.mindrot.org/b/2434 and
rejected it because it attempts unsafe operations in signal context.
We'll hopefully have a fix for that in 8.0 too."

Comment 17 Swamp Workflow Management 2019-02-19 09:00:07 UTC

This is an autogenerated message for OBS integration:
This bug (1121816) was mentioned in
https://build.opensuse.org/request/show/677282 Factory / openssh

Comment 20 Swamp Workflow Management 2019-02-26 20:13:48 UTC

SUSE-SU-2019:0496-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121816,1121821,1125687
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    openssh-7.6p1-9.23.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    openssh-7.6p1-9.23.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    openssh-askpass-gnome-7.6p1-9.23.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    openssh-7.6p1-9.23.1

Comment 21 Swamp Workflow Management 2019-03-08 14:12:00 UTC

openSUSE-SU-2019:0307-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121816,1121821,1125687
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
openSUSE Leap 15.0 (src):    openssh-7.6p1-lp150.8.15.2, openssh-askpass-gnome-7.6p1-lp150.8.15.1

Comment 22 Vítězslav Čížek 2019-03-11 13:43:44 UTC

Upstream patches for CVE-2019-6109:
https://anongit.mindrot.org/openssh.git/patch/?id=8976f1c4b2721c26e878151f52bdf346dfe2d54c
https://anongit.mindrot.org/openssh.git/patch/?id=bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb

Comment 25 Swamp Workflow Management 2019-04-01 16:24:40 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2019-04-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64248

Comment 27 Swamp Workflow Management 2019-04-11 19:10:11 UTC

SUSE-SU-2019:14016-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1090671,1115550,1119183,1121816,1121821,1131709
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssh-6.6p1-41.18.1, openssh-askpass-gnome-6.6p1-41.18.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.6p1-41.18.1, openssh-askpass-gnome-6.6p1-41.18.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2019-04-12 19:11:06 UTC

SUSE-SU-2019:0941-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1090671,1115550,1119183,1121816,1121821
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssh-6.6p1-54.32.1, openssh-askpass-gnome-6.6p1-54.32.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssh-6.6p1-54.32.1, openssh-askpass-gnome-6.6p1-54.32.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.32.1, openssh-askpass-gnome-6.6p1-54.32.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2019-04-25 13:11:44 UTC

SUSE-SU-2019:14030-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1090671,1115550,1119183,1121816,1121821,1131709
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    openssh-6.6p1-36.20.1, openssh-askpass-gnome-6.6p1-36.20.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-36.20.1, openssh-askpass-gnome-6.6p1-36.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2019-04-29 10:19:39 UTC

SUSE-SU-2019:0125-2: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1121571,1121816,1121818,1121821
CVE References: CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssh-6.6p1-54.26.1, openssh-askpass-gnome-6.6p1-54.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2019-06-17 19:12:03 UTC

SUSE-SU-2019:1524-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1065237,1090671,1119183,1121816,1121821,1131709
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
SUSE OpenStack Cloud 7 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Server 12-SP4 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Server 12-SP3 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Desktop 12-SP4 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE Enterprise Storage 4 (src):    openssh-7.2p2-74.42.8, openssh-askpass-gnome-7.2p2-74.42.10
SUSE CaaS Platform ALL (src):    openssh-7.2p2-74.42.8
SUSE CaaS Platform 3.0 (src):    openssh-7.2p2-74.42.8
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.42.8

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2019-06-24 13:31:29 UTC

openSUSE-SU-2019:1602-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1065237,1090671,1119183,1121816,1121821,1131709
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
openSUSE Leap 42.3 (src):    openssh-7.2p2-35.1, openssh-askpass-gnome-7.2p2-35.1

Comment 33 Robert Frohl 2021-12-06 08:22:57 UTC

still missing for SUSE:SLE-11-SP3:Update/openssh-openssl1, re-assigning

Comment 37 Marcus Meissner 2024-04-16 07:26:30 UTC

released