CVE-2017-15906
openssh: Improper write operations in readonly mode allow for zero-length file creation
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero.
Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-10-25 CVE Reserved
- 2017-10-26 CVE Published
- 2024-08-05 CVE Updated
- 2025-06-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101552 | Third Party Advisory | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf |
|
|
| https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20180423-0004 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0980 | 2022-12-13 | |
| https://security.gentoo.org/glsa/201801-05 | 2022-12-13 | |
| https://www.openssh.com/txt/release-7.6 | 2022-12-13 | |
| https://access.redhat.com/security/cve/CVE-2017-15906 | 2018-04-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1506630 | 2018-04-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Cn1610 Firmware Search vendor "Netapp" for product "Cn1610 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Cn1610 Search vendor "Netapp" for product "Cn1610" | - | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | < 7.6 Search vendor "Openbsd" for product "Openssh" and version " < 7.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Sun Zfs Storage Appliance Kit Search vendor "Oracle" for product "Sun Zfs Storage Appliance Kit" | 8.8.6 Search vendor "Oracle" for product "Sun Zfs Storage Appliance Kit" and version "8.8.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Unified Manager Core Package Search vendor "Netapp" for product "Oncommand Unified Manager Core Package" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Replication Adapter For Clustered Data Ontap Search vendor "Netapp" for product "Storage Replication Adapter For Clustered Data Ontap" | >= 9.7 Search vendor "Netapp" for product "Storage Replication Adapter For Clustered Data Ontap" and version " >= 9.7" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Replication Adapter For Clustered Data Ontap Search vendor "Netapp" for product "Storage Replication Adapter For Clustered Data Ontap" | 9.6 Search vendor "Netapp" for product "Storage Replication Adapter For Clustered Data Ontap" and version "9.6" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Vasa Provider For Clustered Data Ontap Search vendor "Netapp" for product "Vasa Provider For Clustered Data Ontap" | >= 6.0 <= 6.2 Search vendor "Netapp" for product "Vasa Provider For Clustered Data Ontap" and version " >= 6.0 <= 6.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Vasa Provider For Clustered Data Ontap Search vendor "Netapp" for product "Vasa Provider For Clustered Data Ontap" | >= 9.7 Search vendor "Netapp" for product "Vasa Provider For Clustered Data Ontap" and version " >= 9.7" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Virtual Storage Console Search vendor "Netapp" for product "Virtual Storage Console" | >= 9.7 Search vendor "Netapp" for product "Virtual Storage Console" and version " >= 9.7" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Virtual Storage Console Search vendor "Netapp" for product "Virtual Storage Console" | 9.6 Search vendor "Netapp" for product "Virtual Storage Console" and version "9.6" | vmware_vsphere |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||