CLD-70 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
openssh |
Deficiency Type |
SECURITY |
Date Created |
2017-10-10 09:26:43 |
Date Last Modified |
2017-10-10 09:30:51 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in openssh-7.6p1-i686-1 |
Cucumber 1.0 x86_64 | fixed in openssh-7.6p1-x86_64-1 |
Cucumber 1.1 i686 |
fixed in openssh-7.6p1-i686-1 |
Cucumber 1.1 x86_64 |
fixed in openssh-7.6p1-x86_64-1 |
Details:
All version of OpenSSH prior to 7.6 supporting read-only mode in sftp-server
(introduced in 5.5). Incorrect open(2) flags in sftp-server permitted creation
of zero-length files when the server was running in read-only mode (invoked
using the -R command-line flag) [https://www.openssh.com/security.html].
This bug is corrected in OpenSSH 7.6. For more information, please refer to the
release notes [https://www.openssh.com/txt/release-7.6].