OpenSSH 7.6 Vulnerability: Unauthorized Creation of Zero-Length Files
CVE-2017-15906 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Learn more about our Cis Benchmark Audit For Server Software.