ALAS2-2019-1216 --- openssh pam_ssh_agent_auth | ID: oval:org.secpod.oval:def:1700178 | Date: (C)2019-06-25 (M)2023-12-20 |
Class: PATCH | Family: unix |
An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned. A malicious scp server can overwrite arbitrary files in the scp client target directory. If recursive operation is performed, the server can manipulate subdirectories as well.

In OpenSSH, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

An issue was discovered in OpenSSH. Due to missing character encoding in the progress display, a malicious server can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter in progressmeter.c.
Product: |
openssh |
pam_ssh_agent_auth |
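The client-side checks that the description above implies, as an added example that is not OpenSSH's own code: a received object name is accepted only as a single path component matching the request, and it is escaped before being shown on the terminal. The function names and the `requested` parameter are hypothetical, and the sample names are constructed.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Accept a server-supplied object name only if it is a single path
 * component that matches what the client asked for.
 * `requested` is the glob the user typed (hypothetical parameter). */
int name_is_safe(const char *name, const char *requested)
{
    if (name == NULL || name[0] == '\0')
        return 0;                     /* empty filename */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;                     /* target directory itself, or its parent */
    if (strchr(name, '/') != NULL)
        return 0;                     /* more than one path component */
    return fnmatch(requested, name, 0) == 0;   /* server may not pick other files */
}

/* Copy `name` into `out` for terminal display, turning every byte that is
 * not printable ASCII (ESC and other control codes included) and the
 * backslash into a \ooo octal escape. Returns 0, or -1 if `out` is too small. */
int name_for_display(const char *name, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (*p < 0x20 || *p >= 0x7f || *p == '\\') {
            if (o + 5 > outlen) return -1;     /* 4 escape chars + NUL */
            o += (size_t)snprintf(out + o, outlen - o, "\\%03o", (unsigned)*p);
        } else {
            if (o + 2 > outlen) return -1;     /* 1 char + NUL */
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample names, as a server might return them. */
    const char *names[] = { "notes.txt", "", ".", "../x", "a\x1b[2Kb.txt" };
    char shown[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        name_for_display(names[i], shown, sizeof shown);
        printf("%-16s %s\n", shown, name_is_safe(names[i], "*.txt") ? "accept" : "reject");
    }
    return 0;
}
```

Escaping every non-ASCII byte is a conservative choice made for this example; it also mangles legitimate UTF-8 names in the display.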