CVE-2017-15906

5.3MEDIUM

Key Information:

Vendor
OpenBSD
Status
Openssh
Vendor
CVE Published:
26 October 2017

Summary

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

References

https://www.openssh.com/txt/release-7.6
http://www.securityfocus.com/bid/101552
vdb-entry
https://github.com/openbsd/src/commit/a6981567e8e215acc1e...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.