CVE-2017-15906

Related Files

Red Hat Security Advisory 2018-0980-01

Posted Apr 11, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0980-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include improper write operations.

tags | advisory, protocol

systems | linux, redhat, unix

advisories | CVE-2017-15906

SHA-256 | 8f2094ddb9f05723691d28835308f22adeeb76b5904729af222a67245a066a96

Download | Favorite | View

Ubuntu Security Notice USN-3538-1

Posted Jan 23, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3538-1 - Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local

systems | linux, unix, ubuntu

advisories | CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2017-15906

SHA-256 | 964c48c0439d989a11cbdd7601e6770b0c099bed3a91031d5cd9afb0716a4b35

Download | Favorite | View

Gentoo Linux Security Advisory 201801-05

Posted Jan 8, 2018

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-5 - A flaw has been discovered in OpenSSH which could allow a remote attacker to create zero-length files. Versions less than 7.5_p1-r3 are affected.

tags | advisory, remote

systems | linux, gentoo

advisories | CVE-2017-15906

SHA-256 | 14de000d21f7e0cd3548508ee25e1fce2c416e19f43be0c0f7ebf24007e1511e

Download | Favorite | View