CVE-2017-15906

Опубликовано: 03 окт. 2017

Источник: redhat

CVSS3: 4.3

EPSS Низкий

Описание

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	openssh	Not affected
Red Hat Enterprise Linux 6	openssh	Not affected
Red Hat Enterprise Linux 7	openssh	Fixed	RHSA-2018:0980	10.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1506630openssh: Improper write operations in readonly mode allow for zero-length file creation

EPSS

Процентиль: 86%

0.02761

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2017-15906

CVSS3: 5.3

ubuntu

около 8 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVE-2017-15906

CVSS3: 5.3

nvd

около 8 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVE-2017-15906

CVSS3: 5.3

debian

около 8 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does ...

GHSA-543w-q592-87ph

CVSS3: 5.3

github

больше 3 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

ELSA-2018-0980

oracle-oval

больше 7 лет назад

ELSA-2018-0980: openssh security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 86%

0.02761

Низкий

4.3 Medium

CVSS3