suse · CVE-2017-15906

Quick triage

Priority: medium Published: 2021-05-30 14:03:53 UTC Updated: 2025-03-25 00:44:47 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-15906 severity moderate: SUSE including 38 source package names (openssh, openssh-6.2p2-0.41.5.1, …), 153 product×package rows across 35 product lines (SUSE Enterprise Storage 7.1, SUSE Liberty Linux 7, … (35 product lines)): Fixed 82, Known Not Affected 71.

Description:

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

cvelogic Threat Intelligence