[Buildroot] [PATCH] openssh: add upstream security fixes
Peter Korsgaard
peter at korsgaard.com
Thu Feb 21 10:33:34 UTC 2019
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> CVE-2019-6109: Due to missing character encoding in the progress
> display, a malicious server (or Man-in-The-Middle attacker) can employ
> crafted object names to manipulate the client output, e.g., by using
> ANSI control codes to hide additional files being transferred. This
> affects refresh_progress_meter() in progressmeter.c.
> CVE-2019-6111: Due to the scp implementation being derived from 1983
> rcp, the server chooses which files/directories are sent to the client.
> However, the scp client only performs cursory validation of the object
> name returned (only directory traversal attacks are prevented). A
> malicious scp server (or Man-in-The-Middle attacker) can overwrite
> arbitrary files in the scp client target directory. If recursive
> operation (-r) is performed, the server can manipulate subdirectories as
> well (for example, to overwrite the .ssh/authorized_keys file).
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2018.02.x and 2018.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list