ID CVE-2017-15906
Summary The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.4:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.5:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:7.5:p1:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-269
CAPEC
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 1506630
title CVE-2017-15906 openssh: Improper write operations in readonly mode allow for zero-length file creation
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment openssh is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980009
      • comment openssh is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884006
    • AND
      • comment openssh-askpass is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980005
      • comment openssh-askpass is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884008
    • AND
      • comment openssh-cavs is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980011
      • comment openssh-cavs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20172029008
    • AND
      • comment openssh-clients is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980019
      • comment openssh-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884014
    • AND
      • comment openssh-keycat is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980007
      • comment openssh-keycat is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150425012
    • AND
      • comment openssh-ldap is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980021
      • comment openssh-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884012
    • AND
      • comment openssh-server is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980017
      • comment openssh-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884016
    • AND
      • comment openssh-server-sysvinit is earlier than 0:7.4p1-16.el7
        oval oval:com.redhat.rhsa:tst:20180980013
      • comment openssh-server-sysvinit is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150425016
    • AND
      • comment pam_ssh_agent_auth is earlier than 0:0.10.3-2.16.el7
        oval oval:com.redhat.rhsa:tst:20180980015
      • comment pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884010
rhsa
id RHSA-2018:0980
released 2018-04-10
severity Low
title RHSA-2018:0980: openssh security, bug fix, and enhancement update (Low)
rpms
  • openssh-0:7.4p1-16.el7
  • openssh-askpass-0:7.4p1-16.el7
  • openssh-cavs-0:7.4p1-16.el7
  • openssh-clients-0:7.4p1-16.el7
  • openssh-keycat-0:7.4p1-16.el7
  • openssh-ldap-0:7.4p1-16.el7
  • openssh-server-0:7.4p1-16.el7
  • openssh-server-sysvinit-0:7.4p1-16.el7
  • pam_ssh_agent_auth-0:0.10.3-2.16.el7
refmap via4
bid 101552
confirm
gentoo GLSA-201801-05
mlist [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update
Last major update 03-10-2019 - 00:03
Published 26-10-2017 - 03:29
Back to Top