Fluid Attacks Database

Description

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	openssh	>=0 <1:7.6p1-1	1:7.6p1-1
alpine v3.15	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| >=0 <7.5_p1-r8	7.5_p1-r8
alpine v3.12	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| >=0 <7.5_p1-r8	7.5_p1-r8
alpine v3.6	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| >=0 <7.5_p1-r2	7.5_p1-r2
alpine v3.19	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| >=0 <7.5_p1-r8	7.5_p1-r8
alpine v3.9	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| >=0 <7.5_p1-r8	7.5_p1-r8
debian 12	openssh	>=0 <1:7.6p1-1	1:7.6p1-1
alpine v3.11	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r3 \|\| =5.5_p1-r3 \|\| =5.6_p1-r3 \|\| =5.8_p1-r3 \|\| =5.8_p2-r3 \|\| =5.9_p1-r3 \|\| =6.0_p1-r3 \|\| =6.1_p1-r3 \|\| =6.2_p1-r3 \|\| =6.2_p2-r3 \|\| =6.3_p1-r3 \|\| =6.4_p1-r3 \|\| =6.6_p1-r3 \|\| =6.7_p1-r3 \|\| =6.8_p1-r3 \|\| =6.9_p1-r3 \|\| =7.1_p1-r3 \|\| =7.1_p2-r3 \|\| =7.2_p1-r3 \|\| =7.2_p2-r3 \|\| =7.3_p1-r3 \|\| =7.4_p1-r3 \|\| =7.5_p1-r3 \|\| >=0 <7.5_p1-r8	7.5_p1-r8
alpine v3.10	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| >=0 <7.5_p1-r8	7.5_p1-r8
alpine v3.13	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| >=0 <7.5_p1-r8	7.5_p1-r8

1-10 of 25

Aliases

1. CVE-2017-159062. NVD-2017-159063. OSV-DEBIAN-2017-159064. OSV-2017-159065. OSV-ALPINE-2017-159066. SECURITY-TRACKER-CVE-2017-159067. SECURITY-CVE-2017-15906