CVE-2017-15906

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15906
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15906.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15906
Downstream
Related
Published
2017-10-26T03:29:00Z
Modified
2025-10-14T16:08:29.784592Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type
GIT
Repo
https://github.com/openbsd/src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a6981567e8e215acc1ef690c8dbb30f2d9b00a19
Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
66bf74a92131b7effe49fb0eefe5225151869dc5

Affected versions

Other

ABOUT_TO_ADD_INET_ATON
AFTER_FREEBSD_PAM_MERGE
AFTER_KRB5_GSSAPI_MERGE
BEFORE_FREEBSD_PAM_MERGE
BEFORE_KRB5_GSSAPI_MERGE
POST_KRB4_REMOVAL
PRE-REORDER
PRE_CYGWIN_MERGE
PRE_DAN_PATCH_MERGE
PRE_FIXPATHS_INTEGRATION
PRE_HPUX_INTEGRATION
PRE_IPV6
PRE_KRB4_REMOVAL
PRE_NEW_LOGIN_CODE
PRE_SW_KRBV
V_1_2PRE17
V_1_2_1_PRE18
V_1_2_1_PRE19
V_1_2_1_PRE20
V_1_2_1_PRE21
V_1_2_1_PRE22
V_1_2_1_PRE23
V_1_2_1_PRE24
V_1_2_1_PRE25
V_1_2_1_PRE26
V_1_2_1_PRE27
V_1_2_2
V_1_2_2_P1
V_1_2_2_PRE28
V_1_2_2_PRE29
V_1_2_3
V_1_2_3_PRE1
V_1_2_3_PRE2
V_1_2_3_PRE3
V_1_2_3_PRE4
V_1_2_3_PRE5
V_1_2_3_TEST1
V_1_2_3_TEST2
V_1_2_3_TEST3
V_1_2_PRE10
V_1_2_PRE11
V_1_2_PRE12
V_1_2_PRE13
V_1_2_PRE14
V_1_2_PRE15
V_1_2_PRE16
V_1_2_PRE4
V_1_2_PRE5
V_1_2_PRE6
V_1_2_PRE7
V_1_2_PRE8
V_1_2_PRE9
V_2_0_0_BETA1
V_2_0_0_BETA2
V_2_0_0_TEST1
V_2_1_0
V_2_1_0_P1
V_2_1_0_P2
V_2_1_0_P3
V_2_1_1_P1
V_2_1_1_P2
V_2_1_1_P3
V_2_1_1_P4
V_2_2_0_P1
V_2_3_0_P1
V_2_5_0_P1
V_2_5_1_P1
V_2_5_1_P2
V_2_5_2_P1
V_3_0_1_P1
V_3_0_P1
V_3_1_P1
V_3_2_2_P1
V_3_4_P1
V_3_6_1_P1
V_3_8_P1
V_3_9_P1
V_4_2_P1
V_5_0_P1
V_5_1_P1
V_5_2_P1
V_5_5_P1
V_5_7_P1
V_6_0_P1
V_6_1_P1
V_6_2_P1
V_6_5_P1
V_6_6_P1
V_6_8_P1
V_6_9_P1
V_7_0_P1
V_7_1_P1
V_7_2_P1
V_7_3_P1
V_7_4_P1
V_7_5_P1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
        "signature_version": "v1",
        "target": {
            "file": "usr.bin/ssh/sftp-server.c",
            "function": "process_open"
        },
        "digest": {
            "length": 1097.0,
            "function_hash": "245508202350905329393278082937121320963"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-15906-09c3b956"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/66bf74a92131b7effe49fb0eefe5225151869dc5",
        "signature_version": "v1",
        "target": {
            "file": "servconf.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "79029947967818200721355068208786597809",
                "77853498154400323396518088625010115415",
                "268877291144902812295503531205744277960",
                "280892792703464745601877662259899291724",
                "283502225313182026327669295555407248695"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-15906-360f872e"
    },
    {
        "source": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
        "signature_version": "v1",
        "target": {
            "file": "usr.bin/ssh/sftp-server.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "73451354983332106238004573019954184765",
                "115047829827750025844972100937310889789",
                "225154063895468876819726826952558484895",
                "228425264224619864482417641601121868070",
                "128057601860705487882805129516859362391",
                "140618039411384439181225380759627597025"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-15906-37a449e1"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/66bf74a92131b7effe49fb0eefe5225151869dc5",
        "signature_version": "v1",
        "target": {
            "file": "monitor.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "311485281856427141192081750490489962261",
                "20931721351770823892963951840738827003",
                "80987361099183754224328866329143632972",
                "258874072705965473424444661351981976079",
                "196434860077555402256406014269679425315",
                "9307661487544646414396110207111741407",
                "43704091906660878372593406058490428367",
                "221055566254099029738270213230424269474"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-15906-61f5ac93"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/66bf74a92131b7effe49fb0eefe5225151869dc5",
        "signature_version": "v1",
        "target": {
            "file": "servconf.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "186023089215617829128658093752918424562",
                "277728783570913075901280264746461193166",
                "271805213036176209986841484488758315621",
                "149799233050313836625691637518151346167",
                "237230542325546270649432656318064392907",
                "249682326877442407827138571995558370246",
                "308074672074757758578285663153194373492",
                "52369010191972798770980000799777133712",
                "176867238064493190420783257875476003269"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-15906-9bf8851e"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/66bf74a92131b7effe49fb0eefe5225151869dc5",
        "signature_version": "v1",
        "target": {
            "file": "monitor_wrap.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "123299733082017567328061069905839651551",
                "275526744511639397224161220911049167047",
                "300188845767632654615938292445397191443",
                "132807140414766101206872787469164074875",
                "196434860077555402256406014269679425315",
                "222817316289057585556516792964365074219",
                "35318005652860758439782592685762608767",
                "335420158061575882367860763070171613617"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-15906-ab667834"
    }
]