CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	openssh	< openssh 1:7.6p1-1 (bookworm)	openssh 1:7.6p1-1 (bookworm)
netapp	storage_replication_adapter_for_clustered_data_ontap	—	—
netapp	storage_replication_adapter_for_clustered_data_ontap	>= 9.7	—
netapp	vasa_provider_for_clustered_data_ontap	6.0 – 6.2	—
netapp	vasa_provider_for_clustered_data_ontap	>= 9.7	—
netapp	virtual_storage_console	—	—
netapp	virtual_storage_console	>= 9.7	—
openbsd	openssh	< 7.6	7.6
openbsd	openssh	>= 0 < 1:7.6p1-1	1:7.6p1-1
openbsd	openssh	>= 0 < 1:7.6p1-1	1:7.6p1-1
openbsd	openssh	>= 0 < 1:7.6p1-1	1:7.6p1-1
openbsd	openssh	>= 0 < 1:7.6p1-1	1:7.6p1-1
openbsd	openssh	>= 0 < 1:6.6p1-2ubuntu2.10	1:6.6p1-2ubuntu2.10
openbsd	openssh	>= 0 < 1:7.2p2-4ubuntu2.4	1:7.2p2-4ubuntu2.4
oracle	sun_zfs_storage_appliance_kit	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

osv7.3HIGH