PT-2017-3186 · OpenSSH +6

Published 2017-04-04 · Updated 2025-09-09 · CVE-2017-15906

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenSSH versions prior to 7.6

Description

The issue is in the `process_open` function in sftp-server.c, which does not properly prevent write operations when in readonly mode. This allows attackers to create zero-length files, potentially leading to a denial of service.

Recommendations

For versions prior to 7.6, update to version 7.6 or later to resolve the issue. As a temporary workaround, consider restricting write operations in readonly mode to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2598
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2017-02607
CESA-2018_0980
CVE-2017-15906
DLA-1500-1
MGASA-2017-0483
MGASA-2018-0006
RHSA-2018:0980
RHSA-2018_0980
SUSE-SU-2017:3230-1
SUSE-SU-2018:2275-1
SUSE-SU-2018:2685-1
SUSE-SU-2018:2719-1
SUSE-SU-2018:3540-1
USN-3538-1

Affected Products

ALT Linux
CentOS
IBM AIX
OpenSSH
Red Hat
SUSE
Ubuntu