Showing 1 - 4 of 4

CVE-2019-14889

Status Candidate

Overview

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Related Files

Red Hat Security Advisory 2020-5149-01: Posted Nov 18, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-5149-01 - Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6.; tags | advisory; systems | linux, redhat; advisories | CVE-2018-20843, CVE-2019-13050, CVE-2019-13627, CVE-2019-14889, CVE-2019-1551, CVE-2019-15903, CVE-2019-16168, CVE-2019-16935, CVE-2019-19221, CVE-2019-19906, CVE-2019-19956, CVE-2019-20218, CVE-2019-20387, CVE-2019-20388, CVE-2019-20454, CVE-2019-20907, CVE-2019-20916, CVE-2019-5018, CVE-2020-10029, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-14040, CVE-2020-14422, CVE-2020-1730, CVE-2020-1751, CVE-2020-1752; MD5 | ced99e921e2b5fefdcc67c5c7a1b02e0; Download | Favorite | View

Red Hat Security Advisory 2020-4545-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4545-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, protocol; systems | linux, redhat; advisories | CVE-2019-14889, CVE-2020-1730; MD5 | bf3f82de4f778f4cd190a7b39cb2124f; Download | Favorite | View

Gentoo Linux Security Advisory 202003-27: Posted Mar 16, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202003-27 - A vulnerability in libssh could allow a remote attacker to execute arbitrary commands. Versions less than 0.9.3 are affected.; tags | advisory, remote, arbitrary; systems | linux, gentoo; advisories | CVE-2019-14889; MD5 | 2832ef60d9fde5502277348d43aa8605; Download | Favorite | View

Ubuntu Security Notice USN-4219-1: Posted Dec 10, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4219-1 - It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2019-14889; MD5 | 83a46e77959c6c7efba0b0d10a2979bf; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 192 files
Ubuntu 56 files
Gentoo 19 files
Apple 9 files
LiquidWorm 7 files
Google Security Research 7 files
SamAlucard 7 files
yunaranyancat 6 files
Jim Becher 6 files
Mufaddal Masalawala 5 files

File Archives

Systems

AIX (421)
Apple (1,751)
BSD (368)
Cisco (1,899)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (3,976)
HPUX (873)
iOS (277)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (38,915)
Mac OS X (670)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,375)
Slackware (941)
Solaris (1,595)
SUSE (1,444)
Ubuntu (6,994)
UNIX (8,783)
UnixWare (180)
Windows (5,686)
Other

CVE-2019-14889

Overview

Related Files

File Archive:

November 2020

Top Authors In Last 30 Days

File Tags

File Archives

Systems