CVE-2019-6110
Publication date 31 January 2019
Last updated 24 July 2024
Ubuntu priority
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openssh | 20.04 LTS focal | Ignored |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Ignored | |
| openssh-ssh1 | 20.04 LTS focal | Ignored |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
seth-arnold
openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment.
mdeslaur
The recommended workaround for this issue is to switch to using sftp instead of scp. Per https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html upstream doesn't consider this to be a vulnerability, and as of 2020-07-07, there is no upstream fix. We will not be fixing this issue in Ubuntu stable releases.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.8 · Medium
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |