Home CVE Database CVE-2017-15906

CVE-2017-15906

Description

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Priority: MEDIUM
CVSS v3: 5.3
Publish Date: Oct 25, 2017
Related ID: --
CVSS v2: Medium
Modified Date: Oct 25, 2017

Find out more about CVE-2017-15906 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

openssh

Live chat
Online