CVE-2017-15906
MEDIUM
OpenBSD OpenSSH < 7.6 - Incorrect Permission Assignment
Title source: ruleDescription
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in read-only mode (sftp-server started with -R, for example through a ForceCommand internal-sftp -R). The read-only gate only inspected the open(2) access mode, so an SFTP OPEN request that asked for read access together with the SSH2_FXF_CREAT flag passed the check and open() was still called with O_CREAT. This allows a client with an SFTP session to create zero-length files on a server that is supposed to be read-only. Fixed in OpenSSH 7.6 (see the release notes and the OpenBSD commit among the references).
References (9)
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Third Party Advisory
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180423-0004/
Release Notes, Vendor Advisory
https://www.openssh.com/txt/release-7.6
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/101552
Third Party Advisory, Vendor Advisory
https://security.gentoo.org/glsa/201801-05
Third Party Advisory, Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0980
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Scores
CVSS v3
5.3
EPSS
0.0317
EPSS Percentile
87.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-732 (Incorrect Permission Assignment for Critical Resource)
Status
published
Products (26)
debian/debian_linux
8.0
netapp/active_iq_unified_manager
netapp/cloud_backup
netapp/clustered_data_ontap
netapp/cn1610_firmware
netapp/data_ontap_edge
netapp/hci_management_node
netapp/oncommand_unified_manager_core_package
netapp/solidfire
netapp/steelstore_cloud_integrated_storage
... and 16 more
Published
Oct 26, 2017
Tracked Since
Feb 18, 2026