What is the severity of CVE-2017-15906?

CVE-2017-15906 has a medium severity rating, as it allows attackers to create zero-length files in readonly mode.

How do I fix CVE-2017-15906?

To fix CVE-2017-15906, upgrade OpenSSH to version 7.6 or later.

What versions of OpenSSH are affected by CVE-2017-15906?

OpenSSH versions before 7.6 are affected by CVE-2017-15906.

Can CVE-2017-15906 impact file integrity?

Yes, CVE-2017-15906 can impact file integrity by allowing creation of zero-length files in readonly mode.

Is there a specific way to mitigate CVE-2017-15906?

Mitigation of CVE-2017-15906 involves ensuring your OpenSSH installation is updated to version 7.6 or later.

Vulnerability/
CVE-2017-15906

medium

5.3

CWE

732

25/10/2017

26/10/2017

5/8/2024

CVE-2017-15906

First published: Wed Oct 25 2017(Updated: )

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/openssh	<7.6	7.6
ubuntu/openssh	<1:7.5	1:7.5
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:6.6	1:6.6
ubuntu/openssh	<1:7.6	1:7.6
ubuntu/openssh	<1:7.2	1:7.2
debian/openssh		1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u2 1:9.2p1-2+deb12u3 1:9.8p1-2
OpenSSH	<7.6
Oracle Sun ZFS Storage Appliance Kit software	=8.8.6
Debian	=8.0
NetApp Active IQ Unified Manager for VMware vSphere
netapp cloud backup
IBM Data ONTAP
NetApp Data ONTAP Edge
netapp hci management node
NetApp OnCommand Unified Manager for Windows
netapp solidfire
NetApp SteelStore
NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere	>=9.7
NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere	=9.6
NetApp VASA Provider	>=6.0<=6.2
NetApp VASA Provider	>=9.7
NetApp Virtual Storage Console for VMware vSphere	>=9.7
NetApp Virtual Storage Console for VMware vSphere	=9.6
All of
NetApp CN1610
NetApp CN1610 Firmware
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux eus	=7.6
redhat enterprise Linux eus	=7.7
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server aus	=7.7
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux server tus	=7.7
redhat enterprise Linux workstation	=7.0
NetApp CN1610
NetApp CN1610 Firmware

Remedy

https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3538-1

Frequently Asked Questions

What is the severity of CVE-2017-15906?
CVE-2017-15906 has a medium severity rating, as it allows attackers to create zero-length files in readonly mode.
How do I fix CVE-2017-15906?
To fix CVE-2017-15906, upgrade OpenSSH to version 7.6 or later.
What versions of OpenSSH are affected by CVE-2017-15906?
OpenSSH versions before 7.6 are affected by CVE-2017-15906.
Can CVE-2017-15906 impact file integrity?
Yes, CVE-2017-15906 can impact file integrity by allowing creation of zero-length files in readonly mode.
Is there a specific way to mitigate CVE-2017-15906?
Mitigation of CVE-2017-15906 involves ensuring your OpenSSH installation is updated to version 7.6 or later.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/weakness
agent/severity
agent/remedy
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-15906
agent/software-canonical-lookup
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/references
collector/security-tracker-debian
source/Debian
agent/event
agent/trending
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/redhat
package-manager/ubuntu
package-manager/debian
vendor/openbsd
canonical/openssh
vendor/oracle
canonical/oracle sun zfs storage appliance kit software
version/oracle sun zfs storage appliance kit software/8.8.6
vendor/debian
canonical/debian
version/debian/8.0
vendor/netapp
canonical/netapp active iq unified manager for vmware vsphere
canonical/netapp cloud backup
canonical/ibm data ontap
canonical/netapp data ontap edge
canonical/netapp hci management node
canonical/netapp oncommand unified manager for windows
canonical/netapp solidfire
canonical/netapp steelstore
canonical/netapp storage replication adapter for clustered data ontap for vmware vsphere
version/netapp storage replication adapter for clustered data ontap for vmware vsphere/9.7
version/netapp storage replication adapter for clustered data ontap for vmware vsphere/9.6
canonical/netapp vasa provider
version/netapp vasa provider/6.0
version/netapp vasa provider/6.2
version/netapp vasa provider/9.7
canonical/netapp virtual storage console for vmware vsphere
version/netapp virtual storage console for vmware vsphere/9.7
version/netapp virtual storage console for vmware vsphere/9.6
canonical/netapp cn1610
canonical/netapp cn1610 firmware
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0