CVE-2017-15906

Опубликовано: 26 окт. 2017

Источник: ubuntu

Приоритет: low

CVSS2: 5

CVSS3: 5.3

Описание

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Релиз	Статус	Примечание
artful	released	1:7.5p1-10ubuntu0.1
bionic	released	1:7.6p1-4
cosmic	released	1:7.6p1-4
devel	released	1:7.6p1-4
disco	released	1:7.6p1-4
eoan	released	1:7.6p1-4
esm-infra-legacy/trusty	released	1:6.6p1-2ubuntu2.10
esm-infra/bionic	released	1:7.6p1-4
esm-infra/focal	released	1:7.6p1-4
esm-infra/xenial	released	1:7.2p2-4ubuntu2.4

Показывать по

Ссылки на источники

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2017-15906

CVSS3: 4.3

redhat

около 8 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVE-2017-15906

CVSS3: 5.3

nvd

около 8 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVE-2017-15906

CVSS3: 5.3

debian

около 8 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does ...

GHSA-543w-q592-87ph

CVSS3: 5.3

github

больше 3 лет назад

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

ELSA-2018-0980

oracle-oval

больше 7 лет назад

ELSA-2018-0980: openssh security, bug fix, and enhancement update (LOW)

5 Medium

CVSS2

5.3 Medium

CVSS3

CVE-2017-15906

Описание

Пакет openssh

Ссылки на источники

Связанные уязвимости