The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101552 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:0980 | Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | |
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201801-05 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20180423-0004/ | Third Party Advisory |
https://www.openssh.com/txt/release-7.6 | Release Notes Vendor Advisory |
https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
History
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Aug 2022, 13:49
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/101552 - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20180423-0004/ - Third Party Advisory | |
References | (CONFIRM) https://www.openssh.com/txt/release-7.6 - Release Notes, Vendor Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201801-05 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:0980 - Third Party Advisory | |
First Time |
Redhat enterprise Linux Workstation
Netapp storage Replication Adapter For Clustered Data Ontap Netapp steelstore Cloud Integrated Storage Netapp cn1610 Redhat enterprise Linux Server Netapp virtual Storage Console Netapp oncommand Unified Manager Core Package Netapp Netapp data Ontap Edge Debian debian Linux Netapp cn1610 Firmware Netapp clustered Data Ontap Redhat enterprise Linux Server Aus Redhat enterprise Linux Desktop Redhat enterprise Linux Eus Oracle sun Zfs Storage Appliance Kit Netapp cloud Backup Redhat Debian Netapp vasa Provider For Clustered Data Ontap Netapp hci Management Node Netapp solidfire Oracle Netapp active Iq Unified Manager Redhat enterprise Linux Server Tus |
|
Information
Published : 2017-10-26 03:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-15906
Mitre link : CVE-2017-15906
CVE.ORG link : CVE-2017-15906
Products Affected
netapp
- solidfire
- cloud_backup
- vasa_provider_for_clustered_data_ontap
- virtual_storage_console
- steelstore_cloud_integrated_storage
- cn1610
- clustered_data_ontap
- oncommand_unified_manager_core_package
- cn1610_firmware
- active_iq_unified_manager
- hci_management_node
- storage_replication_adapter_for_clustered_data_ontap
- data_ontap_edge
redhat
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_desktop
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_workstation
oracle
- sun_zfs_storage_appliance_kit
debian
- debian_linux
openbsd
- openssh
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource