Write Operation Vulnerability in OpenSSH Affecting Multiple Unix Platforms
CVE-2017-15906

5.3MEDIUM

Key Information:

Vendor: OpenBSD
Status: Openssh
Vendor: CVE Published:; 26 October 2017

Summary

The process_open function in sftp-server.c within OpenSSH versions before 7.6 is susceptible to a vulnerability that allows unauthorized write operations in read-only mode. This flaw can enable attackers to create zero-length files, posing a significant risk to system integrity and data management on affected Unix platforms.

References

https://www.openssh.com/txt/release-7.6

http://www.securityfocus.com/bid/101552

vdb-entry

https://github.com/openbsd/src/commit/a6981567e8e215acc1e...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2017
Vulnerability Reserved
Oct 25, 2017