PT-2017-3186 · OpenSSH +6

Published: 2017-04-04 · Updated: 2025-09-09 · CVE-2017-15906

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.6

Description: The issue is in the process_open function in sftp-server.c, which does not properly prevent write operations in readonly mode. This allows attackers to create zero-length files, potentially leading to a denial of service.

Recommendations: For versions prior to 7.6, update to version 7.6 or later to resolve the issue. As a temporary workaround, consider restricting write operations in readonly mode to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2598
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2017-02607
CESA-2018_0980
CVE-2017-15906
DLA-1500-1
MGASA-2017-0483
MGASA-2018-0006
RHSA-2018:0980
RHSA-2018_0980
SUSE-SU-2017:3230-1
SUSE-SU-2018:2275-1
SUSE-SU-2018:2685-1
SUSE-SU-2018:2719-1
SUSE-SU-2018:3540-1
USN-3538-1

Affected Products

ALT Linux
CentOS
IBM AIX
OpenSSH
Red Hat
SUSE
Ubuntu