{"vulnerability": "CVE-2019-6109", "sightings": [{"uuid": "b6ac957d-50ef-4109-9854-9d68c19ebbc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "published-proof-of-concept", "source": "https://t.me/antichat/3382", "content": "#soft #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f #\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\n\n\u041d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u043e\u0441\u0442\u0438 \u0441 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438 SCP\n\n\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u043e\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0430\u043c\u044b\u0445 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 SCP (\u043e\u0441\u043e\u0431\u043e \u0432\u0430\u0436\u043d\u043e \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0447\u0430\u0441\u0442\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u043a \u0447\u0443\u0436\u0438\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c):\nCVE-2019-6111 - \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 OpenSSH scp <=7.9 - \u043d\u0435\u0434\u043e\u0431\u0440\u043e\u0441\u043e\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u043a\u0430\u0442\u043e\u043b\u043e\u0433\u0438, \u0435\u0441\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u043e\u0435 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435.\nCVE-2018-20685 - OpenSSH scp <=7.9 \u0438 WinSCP <=5.13 - \u043d\u0435\u0434\u043e\u0431\u0440\u043e\u0441\u043e\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\nCVE-2019-6109 \u0438 CVE-2019-6110 - OpenSSH scp <=7.9 \u0438 PuTTY PSCP - \u0434\u0430\u044e\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u0432\u043e\u0434\u043e\u043c \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0447\u0435\u0440\u0435\u0437 \u0438\u043c\u0435\u043d\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u043f\u043e\u0442\u043e\u043a \u043e\u0448\u0438\u0431\u043e\u043a \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 ASCII \u0438 \u0441\u043a\u0440\u044b\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f WinSCP \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c - 5.14.\n\n\u0414\u043b\u044f OpenSSH \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442, \u043d\u043e \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447 https://sintonen.fi/advisories/scp-name-validator.patch\n\u041b\u0438\u0431\u043e \u043c\u043e\u0436\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c SFTP, \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 OpenSSH:\nSubsystem sftp /usr/lib/openssh/sftp-server (\u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435)\n\u0438\u043b\u0438\nSubsystem sftp internal-sftp (\u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 sshd)\n\n\u0414\u043b\u044f PuTTY \u043d\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043d\u043e \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u0435\u043c \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u0448\u0430\u044e\u0449\u0438\u0435.", "creation_timestamp": "2019-01-23T07:03:05.000000Z"}, {"uuid": "3a8e1989-69c4-4861-a79b-844aef35923d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/lSatndSHKvXeOOkCe4BtgugIcZcDihrdZBJA4iXwuYPkAsH3oA", "content": "", "creation_timestamp": "2025-08-17T02:42:32.000000Z"}, {"uuid": "97dea016-e73a-4f7e-8ba5-0180494ffd78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/10573", "content": "| 2C119FFA-ECE0-5E14-A4A4-354A2C38071A 10.0 https://vulners.com/githubexploit/2C119FFA-ECE0-5E14-A4A4-354A2C38071A *EXPLOIT* | CVE-2023-38408 9.8 https://vulners.com/cve/CVE-2023-38408 | B8190CDB-3EB9-5631-9828-8064A1575B23 9.8 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 *EXPLOIT* | 8FC9C5AB-3968-5F3C-825E-E8DB5379A623 9.8 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 *EXPLOIT* | 8AD01159-548E-546E-AA87-2DE89F3927EC 9.8 https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC *EXPLOIT* | 5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A 9.8 https://vulners.com/githubexploit/5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A *EXPLOIT* | 0221525F-07F5-5790-912D-F4B9E2D1B587 9.8 https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587 *EXPLOIT* | 95499236-C9FE-56A6-9D7D-E943A24B633A 8.9 https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A *EXPLOIT* | PACKETSTORM:140070 7.8 https://vulners.com/packetstorm/PACKETSTORM:140070 *EXPLOIT* | EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09 7.8 https://vulners.com/exploitpack/EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09 *EXPLOIT* | CVE-2020-15778 7.8 https://vulners.com/cve/CVE-2020-15778 | CVE-2016-10012 7.8 https://vulners.com/cve/CVE-2016-10012 | CVE-2015-8325 7.8 https://vulners.com/cve/CVE-2015-8325 | 1337DAY-ID-26494 7.8 https://vulners.com/zdt/1337DAY-ID-26494*EXPLOIT* | SSV:92579 7.5 https://vulners.com/seebug/SSV:92579 *EXPLOIT* | PACKETSTORM:173661 7.5 https://vulners.com/packetstorm/PACKETSTORM:173661 *EXPLOIT* | F0979183-AE88-53B4-86CF-3AF0523F3807 7.5 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 *EXPLOIT* | EDB-ID:40888 7.5 https://vulners.com/exploitdb/EDB-ID:40888 *EXPLOIT* | CVE-2016-8858 7.5 https://vulners.com/cve/CVE-2016-8858 | CVE-2016-6515 7.5 https://vulners.com/cve/CVE-2016-6515 | CVE-2016-10708 7.5 https://vulners.com/cve/CVE-2016-10708 | 1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576*EXPLOIT* | CVE-2016-10009 7.3 https://vulners.com/cve/CVE-2016-10009 | SSV:92582 7.2 https://vulners.com/seebug/SSV:92582 *EXPLOIT* | CVE-2021-41617 7.0 https://vulners.com/cve/CVE-2021-41617 | CVE-2016-10010 7.0 https://vulners.com/cve/CVE-2016-10010 | SSV:92580 6.9 https://vulners.com/seebug/SSV:92580 *EXPLOIT* | 1337DAY-ID-26577 6.9 https://vulners.com/zdt/1337DAY-ID-26577*EXPLOIT* | PACKETSTORM:189283 6.8 https://vulners.com/packetstorm/PACKETSTORM:189283 *EXPLOIT* | F79E574D-30C8-5C52-A801-66FFA0610BAA 6.8 https://vulners.com/githubexploit/F79E574D-30C8-5C52-A801-66FFA0610BAA *EXPLOIT* | EDB-ID:46516 6.8 https://vulners.com/exploitdb/EDB-ID:46516 *EXPLOIT* | EDB-ID:46193 6.8 https://vulners.com/exploitdb/EDB-ID:46193 *EXPLOIT* | CVE-2025-26465 6.8 https://vulners.com/cve/CVE-2025-26465 | CVE-2019-6110 6.8 https://vulners.com/cve/CVE-2019-6110 | CVE-2019-6109 6.8 https://vulners.com/cve/CVE-2019-6109 | C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 6.8", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "5ba4689d-263b-4c09-b04b-ad8ffb5735e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/2960", "content": "| 2C119FFA-ECE0-5E14-A4A4-354A2C38071A 10.0 https://vulners.com/githubexploit/2C119FFA-ECE0-5E14-A4A4-354A2C38071A *EXPLOIT* | CVE-2023-38408 9.8 https://vulners.com/cve/CVE-2023-38408 | B8190CDB-3EB9-5631-9828-8064A1575B23 9.8 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 *EXPLOIT* | 8FC9C5AB-3968-5F3C-825E-E8DB5379A623 9.8 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 *EXPLOIT* | 8AD01159-548E-546E-AA87-2DE89F3927EC 9.8 https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC *EXPLOIT* | 5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A 9.8 https://vulners.com/githubexploit/5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A *EXPLOIT* | 0221525F-07F5-5790-912D-F4B9E2D1B587 9.8 https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587 *EXPLOIT* | 95499236-C9FE-56A6-9D7D-E943A24B633A 8.9 https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A *EXPLOIT* | PACKETSTORM:140070 7.8 https://vulners.com/packetstorm/PACKETSTORM:140070 *EXPLOIT* | EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09 7.8 https://vulners.com/exploitpack/EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09 *EXPLOIT* | CVE-2020-15778 7.8 https://vulners.com/cve/CVE-2020-15778 | CVE-2016-10012 7.8 https://vulners.com/cve/CVE-2016-10012 | CVE-2015-8325 7.8 https://vulners.com/cve/CVE-2015-8325 | 1337DAY-ID-26494 7.8 https://vulners.com/zdt/1337DAY-ID-26494*EXPLOIT* | SSV:92579 7.5 https://vulners.com/seebug/SSV:92579 *EXPLOIT* | PACKETSTORM:173661 7.5 https://vulners.com/packetstorm/PACKETSTORM:173661 *EXPLOIT* | F0979183-AE88-53B4-86CF-3AF0523F3807 7.5 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 *EXPLOIT* | EDB-ID:40888 7.5 https://vulners.com/exploitdb/EDB-ID:40888 *EXPLOIT* | CVE-2016-8858 7.5 https://vulners.com/cve/CVE-2016-8858 | CVE-2016-6515 7.5 https://vulners.com/cve/CVE-2016-6515 | CVE-2016-10708 7.5 https://vulners.com/cve/CVE-2016-10708 | 1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576*EXPLOIT* | CVE-2016-10009 7.3 https://vulners.com/cve/CVE-2016-10009 | SSV:92582 7.2 https://vulners.com/seebug/SSV:92582 *EXPLOIT* | CVE-2021-41617 7.0 https://vulners.com/cve/CVE-2021-41617 | CVE-2016-10010 7.0 https://vulners.com/cve/CVE-2016-10010 | SSV:92580 6.9 https://vulners.com/seebug/SSV:92580 *EXPLOIT* | 1337DAY-ID-26577 6.9 https://vulners.com/zdt/1337DAY-ID-26577*EXPLOIT* | PACKETSTORM:189283 6.8 https://vulners.com/packetstorm/PACKETSTORM:189283 *EXPLOIT* | F79E574D-30C8-5C52-A801-66FFA0610BAA 6.8 https://vulners.com/githubexploit/F79E574D-30C8-5C52-A801-66FFA0610BAA *EXPLOIT* | EDB-ID:46516 6.8 https://vulners.com/exploitdb/EDB-ID:46516 *EXPLOIT* | EDB-ID:46193 6.8 https://vulners.com/exploitdb/EDB-ID:46193 *EXPLOIT* | CVE-2025-26465 6.8 https://vulners.com/cve/CVE-2025-26465 | CVE-2019-6110 6.8 https://vulners.com/cve/CVE-2019-6110 | CVE-2019-6109 6.8 https://vulners.com/cve/CVE-2019-6109 | C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 6.8", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "b094fbaa-70c2-44c3-bcf0-20933d2f0d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/xGsLy8z3fANiCroIRCfALnNfiha1hqkEaeyvq7MCrScixms", "content": "", "creation_timestamp": "2024-07-01T14:34:42.000000Z"}, {"uuid": "383f4caa-824e-4e19-bf5d-dcc18f818e04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/g4YVNsl8VVhm8hCc75QWhNv5PFRAQjIgSB1n0jxM2tiTPh-tRQ", "content": "", "creation_timestamp": "2025-02-01T09:42:01.000000Z"}, {"uuid": "34b3411c-eb22-4dd0-9fa0-c96c10e92de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/w0w9iKcyXi70OnNrtP96yLy6sw-7f3qLcDmBnN0l3DtxqHg", "content": "", "creation_timestamp": "2024-07-01T14:33:02.000000Z"}, {"uuid": "7b749adf-43b8-412f-a218-9d8174f8584b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/4r-JmUDZNqxxvmdkoRHwGE8rl_froMteEwJChso0bxMoyLA", "content": "", "creation_timestamp": "2022-06-13T11:09:08.000000Z"}, {"uuid": "43a52a02-94b3-417f-8094-d0823f432076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/eHFsan1m1sbQ7WGhWquYDZEyTPqYuvjFlFdG01P5qU4UKPM", "content": "", "creation_timestamp": "2022-06-01T15:37:55.000000Z"}, {"uuid": "8a9533ed-018a-457a-b998-5b1dc94751ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/RJJYy2hOykdTHQv9MovqUH5Nr_vdKbqoUJawTNQiy6Aw7FQ", "content": "", "creation_timestamp": "2022-05-31T23:13:36.000000Z"}, {"uuid": "a94a3d3f-226c-49d6-8e0c-2e1e4d562aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "https://t.me/ctinow/168355", "content": "https://ift.tt/Z7YIJnr\nCVE-2019-6109 | Oracle Fujitsu M10-1 OpenSSH access control", "creation_timestamp": "2024-01-15T14:11:38.000000Z"}, {"uuid": "0a5ba850-4b02-44b7-b61f-f5992f52326b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6109", "type": "seen", "source": "Telegram/2G0LL9YDDO0dQKSo5p4zQWAL-pbipATIxiBPSKqKsYKP6RG0", "content": "", "creation_timestamp": "2024-07-01T14:30:24.000000Z"}]}