Source: openssh
Version: 1:7.9p1-7
Severity: important
Tags: security
Control: found -1 1:7.9p1-6
Control: found -1 1:7.4p1-10+deb9u5
Control: found -1 1:6.7p1-5+deb8u7

Hi,

while working on a fixed openssh version for Debian jessie LTS regarding

  CVE-2019-6110
  CVE-2019-6111
  CVE-2018-20685

after several checks, code readings, double checking, I am pretty sure that CVE-2019-6111 is still not yet fixed. Neither in Debian, nor openssh upstream (though I haven't tested that, only from code readings I assume that).

What I tested this with is this piece of Python code:
https://www.exploit-db.com/exploits/46193

In fact, the sshtranger_things.py script needs a little bit of patching, to not throw unwanted exceptions:

```
--- sshtranger_things.py.orig   2019-02-28 21:48:41.868955825 +0100
+++ sshtranger_things.py        2019-02-28 20:47:01.456096511 +0100
@@ -85,7 +85,10 @@
         return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED

     def check_channel_exec_request(self, channel, command):
-        command = command.decode('ascii')
+        try:
+            command = command.decode('ascii')
+        except:
+            pass
         logging.info('Approving exec request: %s', command)
         parts = command.split(' ')
         # Make sure that this is a request to get a file:
```
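
Review bot: The bare `except:` with `pass` around `command.decode('ascii')` swallows every exception, and when the decode fails `command` is left unchanged, so the `command.split(' ')` that follows runs on the undecoded value. If that value is a bytes object on Python 3, the split with a str separator raises a TypeError, which only moves the failure. Consider decoding only when needed, for example `if isinstance(command, bytes): command = command.decode('ascii', 'replace')`, or at least narrowing the handler to the exceptions actually observed, such as `AttributeError` or `UnicodeDecodeError`.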

Can someone please double-check this with a second pair of eyes? I guess this needs to be communicated back to upstream. Can this be handled by the security team and/or the package maintainers?

Thanks+Greets,
Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net
