OpenSSH sftp-server.c Denial of Service (CVE-2017-15906)

A denial of service vulnerability has been reported in OpenSSH. The vulnerability is due to improper restriction of write access when in read-only mode within sftp-server.c. A remote attacker could exploit this vulnerability by sending crafted requests to a vulnerable server...

Low: openssh

Issue Overview: Improper write operations in readonly mode allow for zero-length file creation The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.CVE-2017-15906 Affected...

BSA-2018-538

Security Advisory ID : BSA-2018-538 Component : OpenSSH Revision : 2.0: Final The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Affected Products Security updates have be...

CVE-2017-15906

The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

CVE-2017-15906

OpenSSH OpenSSH sftp-server.c contains a write-blocking flaw in readonly mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...