An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
2019-01-31T18:29:00.710
2024-11-21T04:45:57.517
Modified
CVSSv3.1: 6.8 (MEDIUM)
AV:N/AC:H/Au:N/C:P/I:P/A:N
4.9
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openbsd | openssh | ≤ 7.9 | Yes |
| Application | winscp | winscp | ≤ 5.13 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Operating System | canonical | ubuntu_linux | 18.10 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Application | netapp | element_software | - | Yes |
| Application | netapp | ontap_select_deploy | - | Yes |
| Application | netapp | storage_automation_store | - | Yes |
| Operating System | fedoraproject | fedora | 30 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.1 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.2 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.6 | Yes |
| Operating System | siemens | scalance_x204rna_firmware | < 3.2.7 | Yes |
| Hardware | siemens | scalance_x204rna | - | No |
| Operating System | siemens | scalance_x204rna_eec_firmware | < 3.2.7 | Yes |
| Hardware | siemens | scalance_x204rna_eec | - | No |
| Operating System | fujitsu | m10-1_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m10-1 | - | No |
| Operating System | fujitsu | m10-4_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m10-4 | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m12-1_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m12-1 | - | No |
| Operating System | fujitsu | m12-2_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m12-2 | - | No |
| Operating System | fujitsu | m12-2s_firmware | < xcp2361 | Yes |
| Hardware | fujitsu | m12-2s | - | No |
| Operating System | fujitsu | m10-1_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-1 | - | No |
| Operating System | fujitsu | m10-4_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-4 | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m12-1_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m12-1 | - | No |
| Operating System | fujitsu | m12-2_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m12-2 | - | No |
| Operating System | fujitsu | m12-2s_firmware | < xcp3070 | Yes |
| Hardware | fujitsu | m12-2s | - | No |