CVE-2017-15906
Published: 2017-10-26 · Last updated: 2026-05-28
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE: CWE-732
Affected products
| Vendor | Product |
|---|---|
| debian | active_iq_unified_manager, cloud_backup, clustered_data_ontap |
| netapp | active_iq_unified_manager, cloud_backup, clustered_data_ontap |
| openbsd | active_iq_unified_manager, cloud_backup, clustered_data_ontap |
| oracle | active_iq_unified_manager, cloud_backup, clustered_data_ontap |
| redhat | active_iq_unified_manager, cloud_backup, clustered_data_ontap |
Description
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2017-15906
- [Other] http://www.securityfocus.com/bid/101552
- [Other] https://access.redhat.com/errata/RHSA-2018:0980
- [Other] https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- [Other] https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
- [Other] https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- [Other] https://security.gentoo.org/glsa/201801-05
- [Other] https://security.netapp.com/advisory/ntap-20180423-0004/
- [Vendor advisory] https://www.openssh.com/txt/release-7.6
- [Other] https://www.oracle.com/security-alerts/cpujan2020.html
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-35273 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
- CVE-2026-11793 — A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11790 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
Same CWE
- CVE-2026-53856 — OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly ... (5.5 MEDIUM)
- CVE-2026-0271 — A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to exec...
- CVE-2026-50570 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)
- CVE-2026-26422 — clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation (8.4 HIGH)
- CVE-2026-50590 — In Mimecast Incydr before 2.6.0, arbitrary file access can occur (4.5 MEDIUM)