CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Database specific

{
    "unresolved_ranges": [
        {
            "vendor_product": "netapp:storage_replication_adapter_for_clustered_data_ontap",
            "extracted_events": [
                {
                    "introduced": "9.7"
                }
            ],
            "cpes": [
                "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "netapp:vasa_provider_for_clustered_data_ontap",
            "extracted_events": [
                {
                    "introduced": "6.0"
                },
                {
                    "last_affected": "6.2"
                },
                {
                    "introduced": "9.7"
                }
            ],
            "cpes": [
                "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "netapp:virtual_storage_console",
            "extracted_events": [
                {
                    "introduced": "9.7"
                }
            ],
            "cpes": [
                "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "netapp:storage_replication_adapter_for_clustered_data_ontap",
            "extracted_events": [
                {
                    "last_affected": "9.6"
                }
            ],
            "cpes": [
                "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "netapp:virtual_storage_console",
            "extracted_events": [
                {
                    "last_affected": "9.6"
                }
            ],
            "cpes": [
                "cpe:2.3:a:netapp:virtual_storage_console:9.6:*:*:*:*:vmware_vsphere:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:sun_zfs_storage_appliance_kit",
            "extracted_events": [
                {
                    "last_affected": "8.8.6"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "redhat:enterprise_linux_desktop",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "redhat:enterprise_linux_eus",
            "extracted_events": [
                {
                    "last_affected": "7.6"
                },
                {
                    "last_affected": "7.7"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "redhat:enterprise_linux_server",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "redhat:enterprise_linux_server_aus",
            "extracted_events": [
                {
                    "last_affected": "7.6"
                },
                {
                    "last_affected": "7.7"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "redhat:enterprise_linux_server_tus",
            "extracted_events": [
                {
                    "last_affected": "7.6"
                },
                {
                    "last_affected": "7.7"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "redhat:enterprise_linux_workstation",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}

References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type

GIT

Repo

https://github.com/openbsd/src

Events

Introduced

Fixed

a6981567e8e215acc1ef690c8dbb30f2d9b00a19

Database specific

{
    "source": "REFERENCES"
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15906.json"

Git / github.com/openssh/openssh-portable

Affected ranges

Type

GIT

Repo

https://github.com/openssh/openssh-portable

Events

Introduced

Fixed

66bf74a92131b7effe49fb0eefe5225151869dc5

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.6"
        }
    ],
    "cpe": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

Other

ABOUT_TO_ADD_INET_ATON

AFTER_FREEBSD_PAM_MERGE

AFTER_KRB5_GSSAPI_MERGE

BEFORE_FREEBSD_PAM_MERGE

BEFORE_KRB5_GSSAPI_MERGE

POST_KRB4_REMOVAL

PRE-REORDER

PRE_CYGWIN_MERGE

PRE_DAN_PATCH_MERGE

PRE_FIXPATHS_INTEGRATION

PRE_HPUX_INTEGRATION

PRE_IPV6

PRE_KRB4_REMOVAL

PRE_NEW_LOGIN_CODE

PRE_SW_KRBV

V_1_2PRE17

V_1_2_1_PRE18

V_1_2_1_PRE19

V_1_2_1_PRE20

V_1_2_1_PRE21

V_1_2_1_PRE22

V_1_2_1_PRE23

V_1_2_1_PRE24

V_1_2_1_PRE25

V_1_2_1_PRE26

V_1_2_1_PRE27

V_1_2_2

V_1_2_2_P1

V_1_2_2_PRE28

V_1_2_2_PRE29

V_1_2_3

V_1_2_3_PRE1

V_1_2_3_PRE2

V_1_2_3_PRE3

V_1_2_3_PRE4

V_1_2_3_PRE5

V_1_2_3_TEST1

V_1_2_3_TEST2

V_1_2_3_TEST3

V_1_2_PRE10

V_1_2_PRE11

V_1_2_PRE12

V_1_2_PRE13

V_1_2_PRE14

V_1_2_PRE15

V_1_2_PRE16

V_1_2_PRE4

V_1_2_PRE5

V_1_2_PRE6

V_1_2_PRE7

V_1_2_PRE8

V_1_2_PRE9

V_2_0_0_BETA1

V_2_0_0_BETA2

V_2_0_0_TEST1

V_2_1_0

V_2_1_0_P1

V_2_1_0_P2

V_2_1_0_P3

V_2_1_1_P1

V_2_1_1_P2

V_2_1_1_P3

V_2_1_1_P4

V_2_2_0_P1

V_2_3_0_P1

V_2_5_0_P1

V_2_5_1_P1

V_2_5_1_P2

V_2_5_2_P1

V_3_0_1_P1

V_3_0_P1

V_3_1_P1

V_3_2_2_P1

V_3_4_P1

V_3_6_1_P1

V_3_8_P1

V_3_9_P1

V_4_2_P1

V_5_0_P1

V_5_1_P1

V_5_2_P1

V_5_5_P1

V_5_7_P1

V_6_0_P1

V_6_1_P1

V_6_2_P1

V_6_5_P1

V_6_6_P1

V_6_8_P1

V_6_9_P1

V_7_0_P1

V_7_1_P1

V_7_2_P1

V_7_3_P1

V_7_4_P1

V_7_5_P1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15906.json"