CVE-2017-15906

moderate-risk

Published 2017-10-26

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Do I need to act?

3.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Openssh

Sun Zfs Storage Appliance Kit

Debian Linux

Active Iq Unified Manager

Cloud Backup

Hci Management Node

Steelstore Cloud Integrated Storage

Storage Replication Adapter For Clustered Data Ontap

Vasa Provider For Clustered Data Ontap

Virtual Storage Console

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Clustered Data Ontap

Data Ontap Edge

Oncommand Unified Manager Core Package

Solidfire

Storage Replication Adapter For Clustered Data Ontap

Affected Vendors

Oracle Debian Redhat Netapp Openbsd

References (18)

Third Party Advisory http://www.securityfocus.com/bid/101552

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0980

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Third Party Advisory https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19

Mailing List https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

Third Party Advisory https://security.gentoo.org/glsa/201801-05

Third Party Advisory https://security.netapp.com/advisory/ntap-20180423-0004/

Release Notes https://www.openssh.com/txt/release-7.6

Third Party Advisory https://www.oracle.com/security-alerts/cpujan2020.html