CVE-2019-6111

CVE-2019-6110 / CVE-2019-6111

About

• https://nvd.nist.gov/vuln/detail/CVE-2019-6110
• https://nvd.nist.gov/vuln/detail/CVE-2019-6111

PoC / Exploit

• https://www.exploit-db.com/exploits/46193/
• https://gist.github.com/mehaase/63e45c17bdbbd59e8e68d02ec58f4ca2

Environment used

• Ubuntu 20.04 LTS
• OpenSSH 7.9

Reproduction

• Server

docker run --rm -p 5555:5555 -it simaofsilva/cve-2019-6111 

• Client

docker run --rm -it simaofsilva/cve-2019-6111-client
scp -P 5555 {USER}@{IP}:{FILE} .

The result of ls -a will show the file requested FILE with his content adulterated and another called exploit.txt.
The FILE must be in the home directory of USER.

Links

• OpenSSL versions
• Tutorial SSL source compilation
• OpenSSH old versions
• Tutorial SSH source compilation
• Release with patch