5.3
CVE-2017-15906
- EPSS 3.36%
- Veröffentlicht 26.10.2017 03:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Sun Zfs Storage Appliance Kit Version8.8.6
Debian ≫ Debian Linux Version8.0
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Cloud Backup Version-
Netapp ≫ Clustered Data Ontap Version-
Netapp ≫ Data Ontap Edge Version-
Netapp ≫ Hci Management Node Version-
Netapp ≫ Oncommand Unified Manager Core Package Version-
Netapp ≫ Steelstore Cloud Integrated Storage Version-
Netapp ≫ Storage Replication Adapter For Clustered Data Ontap SwPlatformvmware_vsphere Version >= 9.7
Netapp ≫ Storage Replication Adapter For Clustered Data Ontap Version9.6 SwPlatformvmware_vsphere
Netapp ≫ Vasa Provider For Clustered Data Ontap Version >= 6.0 <= 6.2
Netapp ≫ Vasa Provider For Clustered Data Ontap Version >= 9.7
Netapp ≫ Virtual Storage Console SwPlatformvmware_vsphere Version >= 9.7
Netapp ≫ Virtual Storage Console Version9.6 SwPlatformvmware_vsphere
Netapp ≫ Cn1610 Firmware Version-
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Eus Version7.6
Redhat ≫ Enterprise Linux Eus Version7.7
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Aus Version7.7
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.7
Redhat ≫ Enterprise Linux Workstation Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.36% | 0.871 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://www.securityfocus.com/bid/101552
https://access.redhat.com/errata/RHSA-2018:0980
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
https://security.gentoo.org/glsa/201801-05
https://security.netapp.com/advisory/ntap-20180423-0004/
https://www.openssh.com/txt/release-7.6