Computer vulnerabilities of OpenSSH

vulnerability announce CVE-2019-6110

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes stderr File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: AIX, IBM i, OpenSSH, openSUSE Leap, Solaris, PuTTY, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: bulletinjan2019, CVE-2019-6110, ibm10731015, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, VIGILANCE-VUL-28262.


vulnerability alert CVE-2019-6109

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: Debian, Fedora, AIX, IBM i, OpenSSH, openSUSE Leap, Solaris, PuTTY, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: bulletinjan2019, CVE-2019-6109, DLA-1728-1, DSA-4387-1, DSA-4387-2, FEDORA-2019-0f4190cdb0, ibm10731015, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, openSUSE-SU-2019:0307-1, openSUSE-SU-2019:1602-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:0496-1, SUSE-SU-2019:0941-1, SUSE-SU-2019:13931-1, SUSE-SU-2019:14016-1, SUSE-SU-2019:14030-1, SUSE-SU-2019:1524-1, USN-3885-1, USN-3885-2, VIGILANCE-VUL-28261.


computer vulnerability note CVE-2018-15919

OpenSSH: information disclosure via GSS User Enumeration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via GSS User Enumeration of OpenSSH, in order to obtain sensitive information.
Impacted products: OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/08/2018.
Identifiers: CVE-2018-15919, openSUSE-SU-2018:3801-1, SUSE-SU-2018:3540-1, SUSE-SU-2018:3686-1, SUSE-SU-2018:3768-1, SUSE-SU-2018:3776-1, SUSE-SU-2018:3781-1, VIGILANCE-VUL-27089.


computer vulnerability alert CVE-2018-15473

OpenSSH: information disclosure via Username Enumeration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Username Enumeration of OpenSSH, in order to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, AIX, McAfee Web Gateway, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 16/08/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-410, CVE-2018-15473, DLA-1474-1, DSA-4280-1, FEDORA-2018-065a7722ee, FEDORA-2018-f56ded11c4, NTAP-20181101-0001, openSUSE-SU-2018:3801-1, openSUSE-SU-2018:3946-1, RHSA-2019:0711-01, SB10267, SSB-439005, SUSE-SU-2018:3540-1, SUSE-SU-2018:3686-1, SUSE-SU-2018:3768-1, SUSE-SU-2018:3776-1, SUSE-SU-2018:3781-1, SUSE-SU-2018:3910-1, SYMSA1469, USN-3809-1, VIGILANCE-VUL-27016.


vulnerability alert CVE-2016-10708

OpenSSH: NULL pointer dereference via a NEWKEYS message

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out of order NEWKEYS message, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Data ONTAP, OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 22/01/2018.
Identifiers: CVE-2016-10708, DLA-1257-1, DLA-1500-1, DLA-1500-2, K32485746, NTAP-20180423-0003, openSUSE-SU-2018:2128-1, SUSE-SU-2018:1989-1, SUSE-SU-2018:2275-1, SUSE-SU-2018:2530-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, SYMSA1469, USN-3809-1, VIGILANCE-VUL-25131.


vulnerability 25030

OpenSSH: code execution via internal-sftp/writable-chroot/sshrc

Synthesis of the vulnerability

In a specific configuration of OpenSSH (internal-sftp with a writable chroot), a remote attacker can run code via /etc/ssh/sshrc.
Impacted products: OpenSSH.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 12/01/2018.
Identifiers: VIGILANCE-VUL-25030.


vulnerability CVE-2017-15906

OpenSSH: empty file creation via read-only sftp-server

Synthesis of the vulnerability

An attacker can use sftp-server of OpenSSH, in order to create an empty file, even if the read-only mode is selected.
Impacted products: Debian, Fedora, AIX, Junos Space, Junos Space Network Management Platform, OpenSSH, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 04/10/2017.
Identifiers: bulletinjan2019, CVE-2017-15906, DLA-1500-1, DLA-1500-2, FEDORA-2017-4862a3bfb1, FEDORA-2017-78f0991378, FEDORA-2017-96d1995b70, JSA10880, openSUSE-SU-2017:3243-1, RHSA-2018:0980-01, SUSE-SU-2018:2275-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3538-1, VIGILANCE-VUL-24020.


vulnerability note 22184

OpenSSH: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSH.
Impacted products: OpenSSH.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/03/2017.
Identifiers: 1058, VIGILANCE-VUL-22184.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

An attacker can bypass security features via CBC Padding, in order to obtain sensitive information. [severity:1/4]

A malicious server can traverse directories via sftp-client in recursive transfer, in order to create a file outside the root path. [severity:2/4]

vulnerability bulletin CVE-2015-6563 CVE-2015-6564 CVE-2015-6565

OpenSSH: three vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can use several vulnerabilities of OpenSSH.
Impacted products: Blue Coat CAS, DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, McAfee Email Gateway, OpenBSD, OpenSSH, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/08/2015.
Revision dates: 03/09/2015, 27/01/2017.
Identifiers: BFS-SA-2015-002, BSA-2015-009, BSA-2019-764, BSA-2019-766, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CERTFR-2019-AVI-325, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565, DLA-1500-1, DLA-1500-2, FEDORA-2015-13520, FreeBSD-SA-15:22.openssh, JSA10774, JSA10840, JSA10940, K17263, RHSA-2015:2088-06, RHSA-2016:0741-01, SA104, SB10177, SB10178, SOL17263, SUSE-SU-2015:1581-1, SYMSA1337, VIGILANCE-VUL-17643.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

A local attacker can write a message (or ANSI sequences) on the tty of other users, because the tty is world-writable. It is also possible to use the TIOCSTI ioctl, in order to inject shell commands. [severity:2/4; CVE-2015-6565]

On OpenSSH Portable, a local attacker can use PAM and compromise the pre-authentication process, in order to impersonate other users. [severity:2/4; BFS-SA-2015-002, CVE-2015-6563]

On OpenSSH Portable, an attacker can compromise the pre-authentication process and force the usage of a freed memory area in PAM support, in order to trigger a denial of service, and possibly to run code. [severity:2/4; BFS-SA-2015-002, CVE-2015-6564]

computer vulnerability note CVE-2016-10009 CVE-2016-10010 CVE-2016-10011

OpenSSH: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSH.
Impacted products: Mac OS X, Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, SRX-Series, McAfee Email Gateway, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 19/12/2016.
Identifiers: 1009, 1010, bulletinapr2017, CERTFR-2019-AVI-325, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, DLA-1500-1, DLA-1500-2, FEDORA-2017-4767e2991d, FreeBSD-SA-17:01.openssh, HPESBUX03818, HT207615, JSA10880, JSA10940, K24324390, K31440025, K62201745, K64292204, NTAP-20171130-0002, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, RHSA-2017:2029-01, SA144, SSA-181018, SSA:2016-358-02, SUSE-SU-2018:2275-1, SUSE-SU-2018:2685-1, SUSE-SU-2018:3540-1, USN-3538-1, VIGILANCE-VUL-21419.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

An attacker can bypass security features via ssh-agent, in order to escalate his privileges. [severity:2/4; CVE-2016-10009]

An attacker can bypass security features via Unix Domain Sockets, in order to escalate his privileges. [severity:2/4; CVE-2016-10010]

An attacker can bypass security features via Privilege-separated Child realloc(), in order to obtain sensitive information. [severity:1/4; CVE-2016-10011]

An attacker can generate a buffer overflow via Pre-authentication Compression, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10012]

An attacker can bypass security features via AllowUsers/DenyUsers Address Ranges, in order to escalate his privileges. [severity:2/4]