CVE-2019-6109
MEDIUM | EXPLOITED IN THE WILD | RANSOMWARE
OpenSSH < 7.9 - Terminal Output Manipulation via ANSI Control Codes in Progress Display
Title source: llm
Exploitation Summary
CVE-2019-6109 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.
Description
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References (13)
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2019/dsa-4387
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/3885-1/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201903-16
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
Broken Link vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3702
Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Release Notes, Vendor Advisory
https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c
Release Notes, Vendor Advisory
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190213-0001/
Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Scores
CVSS v3: 6.8
EPSS: 0.0974
EPSS Percentile: 93.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
VulnCheck KEV: 2020-07-19
InTheWild.io: 2022-05-25
Ransomware Use: Confirmed
CWE: CWE-116
Status: published
Products (31)
canonical/ubuntu_linux: 14.04
canonical/ubuntu_linux: 16.04
canonical/ubuntu_linux: 18.04
canonical/ubuntu_linux: 18.10
debian/debian_linux: 8.0
debian/debian_linux: 9.0
fedoraproject/fedora: 30
fujitsu/m10-1_firmware: < xcp2361
fujitsu/m10-4_firmware: < xcp2361
fujitsu/m10-4s_firmware: < xcp2361
... and 21 more
Published: Jan 31, 2019
Tracked Since: Feb 18, 2026