Inappropriate Encoding for Output Context in openssh

Do your applications use this vulnerable package? Test your applications

Overview

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

References

Debian Security Tracker
Exploit DB
Gentoo Security Advisory
MISC
MISC
MISC
Netapp Security Advisory
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

None

CVE: CVE-2019-6110
CWE: CWE-838
Snyk ID: SNYK-UBUNTU1804-OPENSSH-369024
Disclosed: 31 Jan, 2019
Published: 15 Jan, 2019

Inappropriate Encoding for Output Context
Affecting openssh package, versions <0.0.0

Overview

References

CVSS Score

Inappropriate Encoding for Output Context Affecting openssh package, versions <0.0.0

Overview

References

Inappropriate Encoding for Output Context
Affecting openssh package, versions <0.0.0