CVE-2017-15906

Published: Oct 26, 2017

Modified: May 28, 2026

PUBLISHED

Description

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openssh.com/txt/release-7.6

101552

vdb-entry

https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19

GLSA-201801-05

vendor-advisory

https://security.netapp.com/advisory/ntap-20180423-0004/

RHSA-2018:0980

vendor-advisory

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

mailing-list

https://www.oracle.com/security-alerts/cpujan2020.html

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15906

Description

Affected Products

References