PublicDateAtUSN: 2017-10-25
Candidate: CVE-2017-15906
PublicDate: 2017-10-26 03:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906
 https://www.openssh.com/txt/release-7.6
 https://ubuntu.com/security/notices/USN-3538-1
 https://xorl.wordpress.com/2017/11/13/openssh-sftp-server-remote-security-vulnerability/
Description:
 The process_open function in sftp-server.c in OpenSSH before 7.6 does not
 properly prevent write operations in readonly mode, which allows attackers
 to create zero-length files.
Ubuntu-Description:
Notes:
 leosilva> file structure and patch mismatch, some ajustments required
Bugs:
Priority: low
Discovered-by:  Michal Zalewski
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]


Patches_openssh:
 upstream: https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
upstream_openssh: released (1:7.6p1-1)
precise/esm_openssh: ignored (end of ESM support, was needed)
trusty_openssh: released (1:6.6p1-2ubuntu2.10)
trusty/esm_openssh: released (1:6.6p1-2ubuntu2.10)
xenial_openssh: released (1:7.2p2-4ubuntu2.4)
esm-infra/xenial_openssh: released (1:7.2p2-4ubuntu2.4)
zesty_openssh: ignored (reached end-of-life)
artful_openssh: released (1:7.5p1-10ubuntu0.1)
bionic_openssh: released (1:7.6p1-4)
cosmic_openssh: released (1:7.6p1-4)
disco_openssh: released (1:7.6p1-4)
eoan_openssh: released (1:7.6p1-4)
focal_openssh: released (1:7.6p1-4)
groovy_openssh: released (1:7.6p1-4)
hirsute_openssh: released (1:7.6p1-4)
devel_openssh: released (1:7.6p1-4)