CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Published: 2017-10-26 03:29
Updated: 2019-10-03 00:03

CVSS Score: 5.0 / 10
Vendor Product Version URI
Openbsd Openssh 1.2 cpe:/a:openbsd:openssh:1.2
Openbsd Openssh 1.2.1 cpe:/a:openbsd:openssh:1.2.1
Openbsd Openssh 1.2.2 cpe:/a:openbsd:openssh:1.2.2
Openbsd Openssh 1.2.3 cpe:/a:openbsd:openssh:1.2.3
Openbsd Openssh 1.2.27 cpe:/a:openbsd:openssh:1.2.27
Openbsd Openssh 1.3 cpe:/a:openbsd:openssh:1.3
Openbsd Openssh 1.5 cpe:/a:openbsd:openssh:1.5
Openbsd Openssh 1.5.7 cpe:/a:openbsd:openssh:1.5.7
Openbsd Openssh 1.5.8 cpe:/a:openbsd:openssh:1.5.8
Openbsd Openssh 2 cpe:/a:openbsd:openssh:2
Openbsd Openssh 2.1 cpe:/a:openbsd:openssh:2.1
Openbsd Openssh 2.1.1 cpe:/a:openbsd:openssh:2.1.1
Openbsd Openssh 2.2 cpe:/a:openbsd:openssh:2.2
Openbsd Openssh 2.3 cpe:/a:openbsd:openssh:2.3
Openbsd Openssh 2.3.1 cpe:/a:openbsd:openssh:2.3.1
Openbsd Openssh 2.5 cpe:/a:openbsd:openssh:2.5
Openbsd Openssh 2.5.1 cpe:/a:openbsd:openssh:2.5.1
Openbsd Openssh 2.5.2 cpe:/a:openbsd:openssh:2.5.2
Openbsd Openssh 2.9 cpe:/a:openbsd:openssh:2.9
Openbsd Openssh 2.9.9 cpe:/a:openbsd:openssh:2.9.9
Openbsd Openssh 2.9.9p2 cpe:/a:openbsd:openssh:2.9.9p2
Openbsd Openssh 2.9p1 cpe:/a:openbsd:openssh:2.9p1
Openbsd Openssh 2.9p2 cpe:/a:openbsd:openssh:2.9p2
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.2.2 cpe:/a:openbsd:openssh:3.2.2
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 3.7.1p1 cpe:/a:openbsd:openssh:3.7.1p1
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 4.0 cpe:/a:openbsd:openssh:4.0
Openbsd Openssh 4.0p1 cpe:/a:openbsd:openssh:4.0p1
Openbsd Openssh 4.1 cpe:/a:openbsd:openssh:4.1
Openbsd Openssh 4.1p1 cpe:/a:openbsd:openssh:4.1p1
Openbsd Openssh 4.2 cpe:/a:openbsd:openssh:4.2
Openbsd Openssh 4.2p1 cpe:/a:openbsd:openssh:4.2p1
Openbsd Openssh 4.3 cpe:/a:openbsd:openssh:4.3
Openbsd Openssh 4.3p1 cpe:/a:openbsd:openssh:4.3p1
Openbsd Openssh 4.3p2 cpe:/a:openbsd:openssh:4.3p2
Openbsd Openssh 4.4 cpe:/a:openbsd:openssh:4.4
Openbsd Openssh 4.4p1 cpe:/a:openbsd:openssh:4.4p1
Openbsd Openssh 4.5 cpe:/a:openbsd:openssh:4.5
Openbsd Openssh 4.6 cpe:/a:openbsd:openssh:4.6
Openbsd Openssh 4.7 cpe:/a:openbsd:openssh:4.7
Openbsd Openssh 4.7p1 cpe:/a:openbsd:openssh:4.7p1
Openbsd Openssh 4.8 cpe:/a:openbsd:openssh:4.8
Openbsd Openssh 4.9 cpe:/a:openbsd:openssh:4.9
Openbsd Openssh 5.0 cpe:/a:openbsd:openssh:5.0
Openbsd Openssh 5.0 cpe:/a:openbsd:openssh:5.0:p1
Openbsd Openssh 5.1 cpe:/a:openbsd:openssh:5.1
Openbsd Openssh 5.1 cpe:/a:openbsd:openssh:5.1:p1
Openbsd Openssh 5.2 cpe:/a:openbsd:openssh:5.2
Openbsd Openssh 5.2 cpe:/a:openbsd:openssh:5.2:p1
Openbsd Openssh 5.3 cpe:/a:openbsd:openssh:5.3
Openbsd Openssh 5.3 cpe:/a:openbsd:openssh:5.3:p1
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4:p1
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5:p1
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6:p1
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7:p1
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8:p1
Openbsd Openssh 5.8p2 cpe:/a:openbsd:openssh:5.8p2
Openbsd Openssh 5.9 cpe:/a:openbsd:openssh:5.9
Openbsd Openssh 5.9 cpe:/a:openbsd:openssh:5.9:p1
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0:p1
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1:p1
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2:p1
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2:p2
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3:p1
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4:p1
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5:p1
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6:p1
Openbsd Openssh 6.7 cpe:/a:openbsd:openssh:6.7
Openbsd Openssh 6.7 cpe:/a:openbsd:openssh:6.7:p1
Openbsd Openssh 6.8 cpe:/a:openbsd:openssh:6.8
Openbsd Openssh 6.8 cpe:/a:openbsd:openssh:6.8:p1
Openbsd Openssh 6.9 cpe:/a:openbsd:openssh:6.9
Openbsd Openssh 6.9 cpe:/a:openbsd:openssh:6.9:p1
Openbsd Openssh 7.0 cpe:/a:openbsd:openssh:7.0
Openbsd Openssh 7.0 cpe:/a:openbsd:openssh:7.0:p1
Openbsd Openssh 7.1 cpe:/a:openbsd:openssh:7.1
Openbsd Openssh 7.1 cpe:/a:openbsd:openssh:7.1:p1
Openbsd Openssh 7.2 cpe:/a:openbsd:openssh:7.2:p2
Openbsd Openssh 7.3 cpe:/a:openbsd:openssh:7.3
Openbsd Openssh 7.3 cpe:/a:openbsd:openssh:7.3:p1
Openbsd Openssh 7.4 cpe:/a:openbsd:openssh:7.4
Openbsd Openssh 7.4 cpe:/a:openbsd:openssh:7.4:p1
Openbsd Openssh 7.5 cpe:/a:openbsd:openssh:7.5
Openbsd Openssh 7.5 cpe:/a:openbsd:openssh:7.5:p1

CWE

ID: CWE-269
Name: Improper Privilege Management
Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

History of changes

Date Event
2019-10-03 00:03
2018-09-11 10:29
2018-04-25 01:29
2018-04-12 01:29
2018-02-01 02:29
2018-01-09 02:29
2017-11-15 15:38
2017-10-26 03:29 New CVE