[Bug 3007] New: Provide regression tests for scp vulnerabilities

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri May 10 22:29:45 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3007

            Bug ID: 3007
           Summary: Provide regression tests for scp vulnerabilities
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Regression tests
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3280
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3280&action=edit
Patch from sintonen.fi

The original reporter provided a list of test cases to extend the
existing regression tests for scp, but they were not incorporated into
the tree with the final patches.

I am not sure whether there was some specific reason for this omission
or it was intentional, but having this inside the package regression
test suite sounds very useful for QA of the tool.

From what I see, they cover the three vulnerabilities:
 * empty or dot filename: CVE-2018-20685
 * sending additional files by malicious server: CVE-2019-6111

See attached patch (subset of the patch provided on the advisory page
below). I successfully verified that it works fine with 8.0, but fails
with 7.9.

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
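As an added illustration (not the attached patch and not OpenSSH's own scp.c), the following Python models the two client-side checks the listed CVEs call for: rejecting empty, dot and slash-containing filenames in a server-sent "C" header (CVE-2018-20685), and rejecting files whose name does not match what the client requested (CVE-2019-6111). The header format, the `fnmatch`-style matching and the sample headers are assumptions made for this example.

```python
import fnmatch
import re

# scp protocol file header as assumed here: C<mode> <size> <name>
_C_HEADER = re.compile(r"^C([0-7]{4}) (\d+) (.*)$")


def parse_c_header(line):
    """Split one 'C' header into (mode, size, name); ValueError if malformed."""
    m = _C_HEADER.match(line.rstrip("\n"))
    if not m:
        raise ValueError(f"malformed C header: {line!r}")
    mode, size, name = m.groups()
    return int(mode, 8), int(size), name


def check_filename(name):
    """CVE-2018-20685 class: refuse empty, '.', '..' and any name with a '/'."""
    if name == "" or name in (".", "..") or "/" in name:
        raise ValueError(f"unexpected filename: {name!r}")


def check_matches_request(name, requested):
    """CVE-2019-6111 class: refuse a file the client never asked for."""
    if not fnmatch.fnmatchcase(name, requested):
        raise ValueError(f"unexpected filename {name!r}: not matched by {requested!r}")


def accept_header(line, requested):
    """Return the filename if both checks pass, otherwise raise ValueError."""
    _mode, _size, name = parse_c_header(line)
    check_filename(name)
    check_matches_request(name, requested)
    return name


def run_regression(headers, requested):
    """Regression-style sweep: which headers a hardened client accepts or rejects."""
    accepted, rejected = [], []
    for header in headers:
        try:
            accepted.append(accept_header(header, requested))
        except ValueError as err:
            rejected.append(str(err))
    return accepted, rejected


# Constructed sample: the client asked for "*.txt"; the headers below model one
# legitimate file, a dot filename, an unrequested file and a path-traversal name.
SAMPLE_HEADERS = [
    "C0644 12 notes.txt\n",
    "C0644 0 .\n",
    "C0644 3 .bashrc\n",
    "C0644 5 ../x.txt\n",
]

if __name__ == "__main__":
    ok, bad = run_regression(SAMPLE_HEADERS, "*.txt")
    print("accepted:", ok)
    print("rejected:", bad)
```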
