
OpenSSH SFTP read-only mode bypass


Oct 10, 2023

Summary

A vulnerability in OpenSSH's SFTP server allows authenticated users to create empty files even when read-only mode is enforced.

Vulnerability ID: CVE-2017-15906

Vulnerability Overview: The process_open function in the sftp-server component of OpenSSH (before version 7.6) does not properly evaluate write requests when operating in read-only mode (-R). An authenticated remote attacker can exploit this flaw to create zero-length files on the target system, bypassing the intended access restrictions of the read-only configuration.
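The following added example (not OpenSSH source and not part of the original notice) models why a read-only gate has to reject creation and truncation flags, not only write access modes. It assumes the weaker gate looked only at the POSIX access mode; the function names and sample table are hypothetical.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical weak gate: refuses only when the access mode is write or
 * read/write. O_RDONLY|O_CREAT still has a read-only access mode, so the
 * open is allowed and an empty file can appear on disk. */
static bool gate_access_mode_only(int flags)
{
    int acc = flags & O_ACCMODE;
    return acc == O_WRONLY || acc == O_RDWR;      /* true = refuse */
}

/* Hardened gate: refuse anything that is not purely read-only, and any
 * flag that changes the filesystem on open (create or truncate). */
static bool gate_hardened(int flags)
{
    return (flags & O_ACCMODE) != O_RDONLY ||
           (flags & (O_CREAT | O_TRUNC)) != 0;    /* true = refuse */
}

/* Constructed sample open requests for comparison. */
struct sample { const char *name; int flags; };
static const struct sample samples[] = {
    { "O_RDONLY",           O_RDONLY },
    { "O_WRONLY",           O_WRONLY },
    { "O_RDWR|O_CREAT",     O_RDWR | O_CREAT },
    { "O_RDONLY|O_CREAT",   O_RDONLY | O_CREAT },
    { "O_RDONLY|O_TRUNC",   O_RDONLY | O_TRUNC },
};

int main(void)
{
    printf("%-20s %-18s %s\n", "request", "access-mode-only", "hardened");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int f = samples[i].flags;
        printf("%-20s %-18s %s\n", samples[i].name,
               gate_access_mode_only(f) ? "refuse" : "allow",
               gate_hardened(f) ? "refuse" : "allow");
    }
    return 0;
}
```

Rows where the two columns disagree are the requests a read-only configuration must refuse but an access-mode-only test lets through.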


Affected Supported TeraStations

TS6000
TS5010
TS3020/3010

 


Date: 10/10/2023
Description: Initial release

