CVE-2017-15906
- Source
- https://cve.org/CVERecord?id=CVE-2017-15906
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15906.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-15906
- Downstream
- Related
- Published
- 2017-10-26T03:29:00.220Z
- Modified
- 2026-02-14T07:21:53.115848Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
- References
-
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://www.securityfocus.com/bid/101552
- https://access.redhat.com/errata/RHSA-2018:0980
- https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://security.gentoo.org/glsa/201801-05
- https://security.netapp.com/advisory/ntap-20180423-0004/
- https://www.openssh.com/txt/release-7.6
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Affected packages
Git / github.com/openbsd/src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openbsd/src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"id": "CVE-2017-15906-09c3b956",
"signature_version": "v1",
"digest": {
"function_hash": "245508202350905329393278082937121320963",
"length": 1097.0
},
"deprecated": false,
"source": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"signature_type": "Function",
"target": {
"file": "usr.bin/ssh/sftp-server.c",
"function": "process_open"
}
},
{
"id": "CVE-2017-15906-37a449e1",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"73451354983332106238004573019954184765",
"115047829827750025844972100937310889789",
"225154063895468876819726826952558484895",
"228425264224619864482417641601121868070",
"128057601860705487882805129516859362391",
"140618039411384439181225380759627597025"
]
},
"deprecated": false,
"source": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"signature_type": "Line",
"target": {
"file": "usr.bin/ssh/sftp-server.c"
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15906.json"