CLD-70 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-15906 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) openssh
Deficiency Type SECURITY
Date Created 2017-10-10 09:26:43
Date Last Modified 2017-10-10 09:30:51

Version Specific Information:

Cucumber 1.0 i686 fixed in openssh-7.6p1-i686-1
Cucumber 1.0 x86_64 fixed in openssh-7.6p1-x86_64-1

Cucumber 1.1 i686 fixed in openssh-7.6p1-i686-1
Cucumber 1.1 x86_64 fixed in openssh-7.6p1-x86_64-1

Details:

All versions of OpenSSH prior to 7.6 that support read-only mode in sftp-server
(introduced in 5.5) are affected. Incorrect open(2) flags in sftp-server
permitted creation of zero-length files when the server was running in
read-only mode (invoked using the -R command-line flag)
[https://www.openssh.com/security.html].

This bug is corrected in OpenSSH 7.6. For more information, please refer to the
release notes [https://www.openssh.com/txt/release-7.6].
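
The following is an added illustration, not OpenSSH's code or patch: it shows how a read-only check that inspects only the open(2) access mode still lets O_RDONLY|O_CREAT create a zero-length file, beside a stricter check that refuses it. The function names and the /tmp scratch directory are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical weak policy: refuses only the write access modes. */
static int deny_weak(int flags)
{
    int acc = flags & O_ACCMODE;
    return acc == O_WRONLY || acc == O_RDWR;
}

/* Hypothetical strict policy: read-only means O_RDONLY with no create/truncate. */
static int deny_strict(int flags)
{
    return (flags & O_ACCMODE) != O_RDONLY || (flags & (O_CREAT | O_TRUNC)) != 0;
}

/* Apply a policy, then open(2) if allowed. Returns 1 if path exists afterwards. */
static int exists_after_open(const char *path, int flags, int (*deny)(int))
{
    struct stat st;
    if (!deny(flags)) {
        int fd = open(path, flags, 0600);
        if (fd >= 0) close(fd);
    }
    return stat(path, &st) == 0;
}

/* Run one policy in a fresh scratch dir; 1 = file created, 0 = not, -1 = setup failed. */
static int file_created_under(int (*deny)(int))
{
    char dir[64], path[80];
    int created;
    snprintf(dir, sizeof(dir), "/tmp/ro-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(path, sizeof(path), "%s/new-file", dir);
    created = exists_after_open(path, O_RDONLY | O_CREAT, deny);
    unlink(path);   /* clean up; fails harmlessly if nothing was created */
    rmdir(dir);
    return created;
}

int main(void)
{
    printf("weak check:   file created = %d\n", file_created_under(deny_weak));
    printf("strict check: file created = %d\n", file_created_under(deny_strict));
    return 0;
}
```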