CVE-2017-15906 openssh: Improper write operations in readonly mode allow for zero-length file creation

CVE ID

CVE-2017-15906

DESCRIPTION

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

RESOLUTION

  • CentOS6 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.
  • CentOS7 Unitrends' appliances (phyiscal and/or virtual) are not affected by this CVE.

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us