Vulnerability Description
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | < 7.6 |
| Oracle | Sun Zfs Storage Appliance Kit | 8.8.6 |
| Debian | Debian Linux | 8.0 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Cloud Backup | - |
| Netapp | Clustered Data Ontap | - |
| Netapp | Data Ontap Edge | - |
| Netapp | Hci Management Node | - |
| Netapp | Oncommand Unified Manager Core Package | - |
| Netapp | Solidfire | - |
| Netapp | Steelstore Cloud Integrated Storage | - |
| Netapp | Storage Replication Adapter For Clustered Data Ontap | >= 9.7 |
| Netapp | Vasa Provider For Clustered Data Ontap | >= 6.0, <= 6.2 |
| Netapp | Virtual Storage Console | >= 9.7 |
| Netapp | Cn1610 Firmware | - |
| Netapp | Cn1610 | - |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 7.6 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101552Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0980Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/201801-05Third Party Advisory
- https://security.netapp.com/advisory/ntap-20180423-0004/Third Party Advisory
- https://www.openssh.com/txt/release-7.6Release NotesVendor Advisory
- https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
- http://www.securityfocus.com/bid/101552Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0980Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/201801-05Third Party Advisory
FAQ
What is CVE-2017-15906?
CVE-2017-15906 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
How severe is CVE-2017-15906?
CVE-2017-15906 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15906?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Oracle Sun Zfs Storage Appliance Kit, Debian Debian Linux, Netapp Active Iq Unified Manager, Netapp Cloud Backup.