Vulnerability Details CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/101552
- https://access.redhat.com/errata/RHSA-2018:0980
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://security.gentoo.org/glsa/201801-05
- https://security.netapp.com/advisory/ntap-20180423-0004/
- https://www.openssh.com/txt/release-7.6
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://www.securityfocus.com/bid/101552
- https://access.redhat.com/errata/RHSA-2018:0980
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://security.gentoo.org/glsa/201801-05
- https://security.netapp.com/advisory/ntap-20180423-0004/
- https://www.openssh.com/txt/release-7.6
- https://www.oracle.com/security-alerts/cpujan2020.html
Products affected by CVE-2017-15906
-
cpe:2.3:a:netapp:active_iq_unified_manager:-
-
cpe:2.3:a:netapp:cloud_backup:-
-
cpe:2.3:a:netapp:clustered_data_ontap:-
-
cpe:2.3:a:netapp:data_ontap_edge:-
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
-
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6
-
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.7
-
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0
-
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:9.7
-
cpe:2.3:a:netapp:virtual_storage_console:9.6
-
cpe:2.3:a:netapp:virtual_storage_console:9.7
-
cpe:2.3:a:openbsd:openssh:-
-
cpe:2.3:a:openbsd:openssh:1.2
-
cpe:2.3:a:openbsd:openssh:1.2.1
-
cpe:2.3:a:openbsd:openssh:1.2.2
-
cpe:2.3:a:openbsd:openssh:1.2.27
-
cpe:2.3:a:openbsd:openssh:1.2.3
-
cpe:2.3:a:openbsd:openssh:1.3
-
cpe:2.3:a:openbsd:openssh:1.5
-
cpe:2.3:a:openbsd:openssh:1.5.7
-
cpe:2.3:a:openbsd:openssh:1.5.8
-
cpe:2.3:a:openbsd:openssh:2
-
cpe:2.3:a:openbsd:openssh:2.1
-
cpe:2.3:a:openbsd:openssh:2.1.0
-
cpe:2.3:a:openbsd:openssh:2.1.1
-
cpe:2.3:a:openbsd:openssh:2.2
-
cpe:2.3:a:openbsd:openssh:2.2.0
-
cpe:2.3:a:openbsd:openssh:2.3
-
cpe:2.3:a:openbsd:openssh:2.3.0
-
cpe:2.3:a:openbsd:openssh:2.3.1
-
cpe:2.3:a:openbsd:openssh:2.5
-
cpe:2.3:a:openbsd:openssh:2.5.1
-
cpe:2.3:a:openbsd:openssh:2.5.2
-
cpe:2.3:a:openbsd:openssh:2.9
-
cpe:2.3:a:openbsd:openssh:2.9.9
-
cpe:2.3:a:openbsd:openssh:2.9.9p2
-
cpe:2.3:a:openbsd:openssh:2.9p1
-
cpe:2.3:a:openbsd:openssh:2.9p2
-
cpe:2.3:a:openbsd:openssh:3.0
-
cpe:2.3:a:openbsd:openssh:3.0.1
-
cpe:2.3:a:openbsd:openssh:3.0.1p1
-
cpe:2.3:a:openbsd:openssh:3.0.2
-
cpe:2.3:a:openbsd:openssh:3.0.2p1
-
cpe:2.3:a:openbsd:openssh:3.0p1
-
cpe:2.3:a:openbsd:openssh:3.1
-
cpe:2.3:a:openbsd:openssh:3.1p1
-
cpe:2.3:a:openbsd:openssh:3.2
-
cpe:2.3:a:openbsd:openssh:3.2.2
-
cpe:2.3:a:openbsd:openssh:3.2.2p1
-
cpe:2.3:a:openbsd:openssh:3.2.3
-
cpe:2.3:a:openbsd:openssh:3.2.3p1
-
cpe:2.3:a:openbsd:openssh:3.3
-
cpe:2.3:a:openbsd:openssh:3.3p1
-
cpe:2.3:a:openbsd:openssh:3.4
-
cpe:2.3:a:openbsd:openssh:3.4p1
-
cpe:2.3:a:openbsd:openssh:3.5
-
cpe:2.3:a:openbsd:openssh:3.5p1
-
cpe:2.3:a:openbsd:openssh:3.6
-
cpe:2.3:a:openbsd:openssh:3.6.1
-
cpe:2.3:a:openbsd:openssh:3.6.1p1
-
cpe:2.3:a:openbsd:openssh:3.6.1p2
-
cpe:2.3:a:openbsd:openssh:3.7
-
cpe:2.3:a:openbsd:openssh:3.7.1
-
cpe:2.3:a:openbsd:openssh:3.7.1p1
-
cpe:2.3:a:openbsd:openssh:3.7.1p2
-
cpe:2.3:a:openbsd:openssh:3.8
-
cpe:2.3:a:openbsd:openssh:3.8.1
-
cpe:2.3:a:openbsd:openssh:3.8.1p1
-
cpe:2.3:a:openbsd:openssh:3.9
-
cpe:2.3:a:openbsd:openssh:3.9.1
-
cpe:2.3:a:openbsd:openssh:3.9.1p1
-
cpe:2.3:a:openbsd:openssh:4.0
-
cpe:2.3:a:openbsd:openssh:4.0p1
-
cpe:2.3:a:openbsd:openssh:4.1
-
cpe:2.3:a:openbsd:openssh:4.1p1
-
cpe:2.3:a:openbsd:openssh:4.2
-
cpe:2.3:a:openbsd:openssh:4.2p1
-
cpe:2.3:a:openbsd:openssh:4.3
-
cpe:2.3:a:openbsd:openssh:4.3p1
-
cpe:2.3:a:openbsd:openssh:4.3p2
-
cpe:2.3:a:openbsd:openssh:4.4
-
cpe:2.3:a:openbsd:openssh:4.4p1
-
cpe:2.3:a:openbsd:openssh:4.5
-
cpe:2.3:a:openbsd:openssh:4.6
-
cpe:2.3:a:openbsd:openssh:4.7
-
cpe:2.3:a:openbsd:openssh:4.7p1
-
cpe:2.3:a:openbsd:openssh:4.8
-
cpe:2.3:a:openbsd:openssh:4.9
-
cpe:2.3:a:openbsd:openssh:5.0
-
cpe:2.3:a:openbsd:openssh:5.1
-
cpe:2.3:a:openbsd:openssh:5.2
-
cpe:2.3:a:openbsd:openssh:5.3
-
cpe:2.3:a:openbsd:openssh:5.4
-
cpe:2.3:a:openbsd:openssh:5.5
-
cpe:2.3:a:openbsd:openssh:5.6
-
cpe:2.3:a:openbsd:openssh:5.7
-
cpe:2.3:a:openbsd:openssh:5.8
-
cpe:2.3:a:openbsd:openssh:5.8p2
-
cpe:2.3:a:openbsd:openssh:5.9
-
cpe:2.3:a:openbsd:openssh:6.0
-
cpe:2.3:a:openbsd:openssh:6.1
-
cpe:2.3:a:openbsd:openssh:6.2
-
cpe:2.3:a:openbsd:openssh:6.3
-
cpe:2.3:a:openbsd:openssh:6.4
-
cpe:2.3:a:openbsd:openssh:6.5
-
cpe:2.3:a:openbsd:openssh:6.6
-
cpe:2.3:a:openbsd:openssh:6.7
-
cpe:2.3:a:openbsd:openssh:6.8
-
cpe:2.3:a:openbsd:openssh:6.9
-
cpe:2.3:a:openbsd:openssh:7.0
-
cpe:2.3:a:openbsd:openssh:7.1
-
cpe:2.3:a:openbsd:openssh:7.2
-
cpe:2.3:a:openbsd:openssh:7.3
-
cpe:2.3:a:openbsd:openssh:7.4
-
cpe:2.3:a:openbsd:openssh:7.5
-
cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6
-
cpe:2.3:h:netapp:cn1610:-
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:netapp:cn1610_firmware:-
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_eus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0