If a CVE database lists my version of OpenSSH as vulnerable, is it possible that it has been patched but retains the version number?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
6
down vote

favorite












I am using OpenSSH version 7.4p1, in CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906 https://www.cvedetails.com/cve/CVE-2017-15906/.



Does this mean that for sure my version is affected or is it possible that this version has the same number but is already patched? How can I verify this?







share|improve this question





















  • That's possible. What OS are you running?
    – jordanm
    Jul 3 at 20:16










  • I'm running CentOS Linux
    – user187205
    Jul 3 at 20:30






  • 1




    If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though.
    – Austin Hemmelgarn
    Jul 4 at 13:24














up vote
6
down vote

favorite












I am using OpenSSH version 7.4p1, in CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906 https://www.cvedetails.com/cve/CVE-2017-15906/.



Does this mean that for sure my version is affected or is it possible that this version has the same number but is already patched? How can I verify this?







share|improve this question





















  • That's possible. What OS are you running?
    – jordanm
    Jul 3 at 20:16










  • I'm running CentOS Linux
    – user187205
    Jul 3 at 20:30






  • 1




    If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though.
    – Austin Hemmelgarn
    Jul 4 at 13:24












up vote
6
down vote

favorite









up vote
6
down vote

favorite











I am using OpenSSH version 7.4p1, in CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906 https://www.cvedetails.com/cve/CVE-2017-15906/.



Does this mean that for sure my version is affected or is it possible that this version has the same number but is already patched? How can I verify this?







share|improve this question













I am using OpenSSH version 7.4p1, in CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906 https://www.cvedetails.com/cve/CVE-2017-15906/.



Does this mean that for sure my version is affected or is it possible that this version has the same number but is already patched? How can I verify this?









share|improve this question












share|improve this question




share|improve this question








edited Jul 4 at 5:00









muru

33.1k576139




33.1k576139









asked Jul 3 at 20:07









user187205

1312




1312











  • That's possible. What OS are you running?
    – jordanm
    Jul 3 at 20:16










  • I'm running CentOS Linux
    – user187205
    Jul 3 at 20:30






  • 1




    If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though.
    – Austin Hemmelgarn
    Jul 4 at 13:24
















  • That's possible. What OS are you running?
    – jordanm
    Jul 3 at 20:16










  • I'm running CentOS Linux
    – user187205
    Jul 3 at 20:30






  • 1




    If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though.
    – Austin Hemmelgarn
    Jul 4 at 13:24















That's possible. What OS are you running?
– jordanm
Jul 3 at 20:16




That's possible. What OS are you running?
– jordanm
Jul 3 at 20:16












I'm running CentOS Linux
– user187205
Jul 3 at 20:30




I'm running CentOS Linux
– user187205
Jul 3 at 20:30




1




1




If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though.
– Austin Hemmelgarn
Jul 4 at 13:24




If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though.
– Austin Hemmelgarn
Jul 4 at 13:24










4 Answers
4






active

oldest

votes

















up vote
11
down vote













CentOS is just rebuilt RHEL so your system is safe, if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.



There is CVE database in Red Hat access portal:



https://access.redhat.com/security/cve/cve-2017-15906



With links to the erratas fixing the issues and with listing of packages fixing the specific issue:



https://access.redhat.com/errata/RHSA-2018:0980



Similarly you can get the changelog of your installed package and it should list something related to this CVE number.



Discaimer: I was fixing that package in this RHEL version.






share|improve this answer






























    up vote
    7
    down vote













    Got fixed in 7.4p1-16, way back in November 2017.



    $ rpm -q openssh-server
    openssh-server-7.4p1-16.el7.x86_64
    $ rpm -q --changelog openssh-server | grep CVE-2017-15906
    - Fix for CVE-2017-15906 (#1517226)
    $ rpm -q --changelog openssh-server | head
    * Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
    - Fix for CVE-2017-15906 (#1517226)

    * Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
    - Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
    - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
    - Do not segfault in audit code during cleanup (#1488083)
    - Add WinSCP 5.10+ compatibility (#1496808)
    - Clatch between ClientAlive and rekeying timeouts (#1480510)
    - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
    $





    share|improve this answer

















    • 1




      handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
      – Riking
      Jul 4 at 6:11


















    up vote
    2
    down vote













    OpenSSH 7.4p1 is affected by CVE-2017-15906.



    ... unless the distributor of that OpenSSH package has patched it.



    An example of a distributor patching this particular CVE in an affected OpenSSH package may be found in this changelog entry for 7.5p1 on Ubuntu (they have not distributed a patched 7.4p1 as far as I could see after only a brief look):



    openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium
    * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
    in sftp-server.c.
    - CVE-2017-15906

    -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 16 Jan 2018 08:28:47 -0500


    Similarly for Fedora (7.4p1).



    Unfortunately, CentOS does not seem to have an easily accessible database of package updates (that I could find).






    share|improve this answer






























      up vote
      1
      down vote













      According to the bugzilla the security bug is fixed on the 7.6 version for the system based on RHEL 7:




      Fixed In Version: openssh 7.6




      The description on RHEL CVE-2017-15906




      The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.




      Also this information is available on the openssh 7.6 release note




      Changes since OpenSSH 7.5



      Security



      • sftp-server(8): in read-only mode, sftp-server was incorrectly
        permitting creation of zero-length files. Reported by Michal
        Zalewski.



      The bug is fixed on 10 Apr 2018 for the openssh-7.4p1 : openssh security, bug fix, and enhancement update






      share|improve this answer



















      • 1




        probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
        – Jakuje
        Jul 3 at 21:04










      • @Jakuje thank you , I will edit
        – GAD3R
        Jul 3 at 21:04






      • 2




        But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
        – Jakuje
        Jul 3 at 21:08










      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );








       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f453294%2fif-a-cve-database-lists-my-version-of-openssh-as-vulnerable-is-it-possible-that%23new-answer', 'question_page');

      );

      Post as a guest






























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      11
      down vote













      CentOS is just rebuilt RHEL so your system is safe, if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.



      There is CVE database in Red Hat access portal:



      https://access.redhat.com/security/cve/cve-2017-15906



      With links to the erratas fixing the issues and with listing of packages fixing the specific issue:



      https://access.redhat.com/errata/RHSA-2018:0980



      Similarly you can get the changelog of your installed package and it should list something related to this CVE number.



      Discaimer: I was fixing that package in this RHEL version.






      share|improve this answer



























        up vote
        11
        down vote













        CentOS is just rebuilt RHEL so your system is safe, if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.



        There is CVE database in Red Hat access portal:



        https://access.redhat.com/security/cve/cve-2017-15906



        With links to the erratas fixing the issues and with listing of packages fixing the specific issue:



        https://access.redhat.com/errata/RHSA-2018:0980



        Similarly you can get the changelog of your installed package and it should list something related to this CVE number.



        Discaimer: I was fixing that package in this RHEL version.






        share|improve this answer

























          up vote
          11
          down vote










          up vote
          11
          down vote









          CentOS is just rebuilt RHEL so your system is safe, if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.



          There is CVE database in Red Hat access portal:



          https://access.redhat.com/security/cve/cve-2017-15906



          With links to the erratas fixing the issues and with listing of packages fixing the specific issue:



          https://access.redhat.com/errata/RHSA-2018:0980



          Similarly you can get the changelog of your installed package and it should list something related to this CVE number.



          Discaimer: I was fixing that package in this RHEL version.






          share|improve this answer















          CentOS is just rebuilt RHEL so your system is safe, if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.



          There is CVE database in Red Hat access portal:



          https://access.redhat.com/security/cve/cve-2017-15906



          With links to the erratas fixing the issues and with listing of packages fixing the specific issue:



          https://access.redhat.com/errata/RHSA-2018:0980



          Similarly you can get the changelog of your installed package and it should list something related to this CVE number.



          Discaimer: I was fixing that package in this RHEL version.







          share|improve this answer















          share|improve this answer



          share|improve this answer








          edited Jul 3 at 21:08


























          answered Jul 3 at 21:02









          Jakuje

          15.6k52850




          15.6k52850






















              up vote
              7
              down vote













              Got fixed in 7.4p1-16, way back in November 2017.



              $ rpm -q openssh-server
              openssh-server-7.4p1-16.el7.x86_64
              $ rpm -q --changelog openssh-server | grep CVE-2017-15906
              - Fix for CVE-2017-15906 (#1517226)
              $ rpm -q --changelog openssh-server | head
              * Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
              - Fix for CVE-2017-15906 (#1517226)

              * Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
              - Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
              - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
              - Do not segfault in audit code during cleanup (#1488083)
              - Add WinSCP 5.10+ compatibility (#1496808)
              - Clatch between ClientAlive and rekeying timeouts (#1480510)
              - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
              $





              share|improve this answer

















              • 1




                handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
                – Riking
                Jul 4 at 6:11















              up vote
              7
              down vote













              Got fixed in 7.4p1-16, way back in November 2017.



              $ rpm -q openssh-server
              openssh-server-7.4p1-16.el7.x86_64
              $ rpm -q --changelog openssh-server | grep CVE-2017-15906
              - Fix for CVE-2017-15906 (#1517226)
              $ rpm -q --changelog openssh-server | head
              * Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
              - Fix for CVE-2017-15906 (#1517226)

              * Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
              - Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
              - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
              - Do not segfault in audit code during cleanup (#1488083)
              - Add WinSCP 5.10+ compatibility (#1496808)
              - Clatch between ClientAlive and rekeying timeouts (#1480510)
              - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
              $





              share|improve this answer

















              • 1




                handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
                – Riking
                Jul 4 at 6:11













              up vote
              7
              down vote










              up vote
              7
              down vote









              Got fixed in 7.4p1-16, way back in November 2017.



              $ rpm -q openssh-server
              openssh-server-7.4p1-16.el7.x86_64
              $ rpm -q --changelog openssh-server | grep CVE-2017-15906
              - Fix for CVE-2017-15906 (#1517226)
              $ rpm -q --changelog openssh-server | head
              * Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
              - Fix for CVE-2017-15906 (#1517226)

              * Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
              - Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
              - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
              - Do not segfault in audit code during cleanup (#1488083)
              - Add WinSCP 5.10+ compatibility (#1496808)
              - Clatch between ClientAlive and rekeying timeouts (#1480510)
              - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
              $





              share|improve this answer













              Got fixed in 7.4p1-16, way back in November 2017.



              $ rpm -q openssh-server
              openssh-server-7.4p1-16.el7.x86_64
              $ rpm -q --changelog openssh-server | grep CVE-2017-15906
              - Fix for CVE-2017-15906 (#1517226)
              $ rpm -q --changelog openssh-server | head
              * Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
              - Fix for CVE-2017-15906 (#1517226)

              * Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
              - Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
              - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
              - Do not segfault in audit code during cleanup (#1488083)
              - Add WinSCP 5.10+ compatibility (#1496808)
              - Clatch between ClientAlive and rekeying timeouts (#1480510)
              - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
              $






              share|improve this answer













              share|improve this answer



              share|improve this answer











              answered Jul 3 at 21:16









              steve

              12k22047




              12k22047







              • 1




                handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
                – Riking
                Jul 4 at 6:11













              • 1




                handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
                – Riking
                Jul 4 at 6:11








              1




              1




              handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
              – Riking
              Jul 4 at 6:11





              handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context)
              – Riking
              Jul 4 at 6:11











              up vote
              2
              down vote













              OpenSSH 7.4p1 is affected by CVE-2017-15906.



              ... unless the distributor of that OpenSSH package has patched it.



              An example of a distributor patching this particular CVE in an affected OpenSSH package may be found in this changelog entry for 7.5p1 on Ubuntu (they have not distributed a patched 7.4p1 as far as I could see after only a brief look):



              openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium
              * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
              - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
              in sftp-server.c.
              - CVE-2017-15906

              -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 16 Jan 2018 08:28:47 -0500


              Similarly for Fedora (7.4p1).



              Unfortunately, CentOS does not seem to have an easily accessible database of package updates (that I could find).






              share|improve this answer



























                up vote
                2
                down vote













                OpenSSH 7.4p1 is affected by CVE-2017-15906.



                ... unless the distributor of that OpenSSH package has patched it.



                An example of a distributor patching this particular CVE in an affected OpenSSH package may be found in this changelog entry for 7.5p1 on Ubuntu (they have not distributed a patched 7.4p1 as far as I could see after only a brief look):



                openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium
                * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
                - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
                in sftp-server.c.
                - CVE-2017-15906

                -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 16 Jan 2018 08:28:47 -0500


                Similarly for Fedora (7.4p1).



                Unfortunately, CentOS does not seem to have an easily accessible database of package updates (that I could find).






                share|improve this answer

























                  up vote
                  2
                  down vote










                  up vote
                  2
                  down vote









                  OpenSSH 7.4p1 is affected by CVE-2017-15906.



                  ... unless the distributor of that OpenSSH package has patched it.



                  An example of a distributor patching this particular CVE in an affected OpenSSH package may be found in this changelog entry for 7.5p1 on Ubuntu (they have not distributed a patched 7.4p1 as far as I could see after only a brief look):



                  openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium
                  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
                  - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
                  in sftp-server.c.
                  - CVE-2017-15906

                  -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 16 Jan 2018 08:28:47 -0500


                  Similarly for Fedora (7.4p1).



                  Unfortunately, CentOS does not seem to have an easily accessible database of package updates (that I could find).






                  share|improve this answer















                  OpenSSH 7.4p1 is affected by CVE-2017-15906.



                  ... unless the distributor of that OpenSSH package has patched it.



                  An example of a distributor patching this particular CVE in an affected OpenSSH package may be found in this changelog entry for 7.5p1 on Ubuntu (they have not distributed a patched 7.4p1 as far as I could see after only a brief look):



                  openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium
                  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
                  - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
                  in sftp-server.c.
                  - CVE-2017-15906

                  -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 16 Jan 2018 08:28:47 -0500


                  Similarly for Fedora (7.4p1).



                  Unfortunately, CentOS does not seem to have an easily accessible database of package updates (that I could find).







                  share|improve this answer















                  share|improve this answer



                  share|improve this answer








                  edited Jul 3 at 20:46


























                  answered Jul 3 at 20:21









                  Kusalananda

                  101k13199312




                  101k13199312




















                      up vote
                      1
                      down vote













                      According to the bugzilla the security bug is fixed on the 7.6 version for the system based on RHEL 7:




                      Fixed In Version: openssh 7.6




                      The description on RHEL CVE-2017-15906




                      The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.




                      Also this information is available on the openssh 7.6 release note




                      Changes since OpenSSH 7.5



                      Security



                      • sftp-server(8): in read-only mode, sftp-server was incorrectly
                        permitting creation of zero-length files. Reported by Michal
                        Zalewski.



                      The bug is fixed on 10 Apr 2018 for the openssh-7.4p1 : openssh security, bug fix, and enhancement update






                      share|improve this answer



















                      • 1




                        probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
                        – Jakuje
                        Jul 3 at 21:04










                      • @Jakuje thank you , I will edit
                        – GAD3R
                        Jul 3 at 21:04






                      • 2




                        But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
                        – Jakuje
                        Jul 3 at 21:08














                      up vote
                      1
                      down vote













                      According to the bugzilla the security bug is fixed on the 7.6 version for the system based on RHEL 7:




                      Fixed In Version: openssh 7.6




                      The description on RHEL CVE-2017-15906




                      The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.




                      Also this information is available on the openssh 7.6 release note




                      Changes since OpenSSH 7.5



                      Security



                      • sftp-server(8): in read-only mode, sftp-server was incorrectly
                        permitting creation of zero-length files. Reported by Michal
                        Zalewski.



                      The bug is fixed on 10 Apr 2018 for the openssh-7.4p1 : openssh security, bug fix, and enhancement update






                      share|improve this answer



















                      • 1




                        probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
                        – Jakuje
                        Jul 3 at 21:04










                      • @Jakuje thank you , I will edit
                        – GAD3R
                        Jul 3 at 21:04






                      • 2




                        But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
                        – Jakuje
                        Jul 3 at 21:08












                      up vote
                      1
                      down vote










                      up vote
                      1
                      down vote









                      According to the bugzilla the security bug is fixed on the 7.6 version for the system based on RHEL 7:




                      Fixed In Version: openssh 7.6




                      The description on RHEL CVE-2017-15906




                      The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.




                      Also this information is available on the openssh 7.6 release note




                      Changes since OpenSSH 7.5



                      Security



                      • sftp-server(8): in read-only mode, sftp-server was incorrectly
                        permitting creation of zero-length files. Reported by Michal
                        Zalewski.



                      The bug is fixed on 10 Apr 2018 for the openssh-7.4p1 : openssh security, bug fix, and enhancement update






                      share|improve this answer















                      According to the bugzilla the security bug is fixed on the 7.6 version for the system based on RHEL 7:




                      Fixed In Version: openssh 7.6




                      The description on RHEL CVE-2017-15906




                      The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.




                      Also this information is available on the openssh 7.6 release note




                      Changes since OpenSSH 7.5



                      Security



                      • sftp-server(8): in read-only mode, sftp-server was incorrectly
                        permitting creation of zero-length files. Reported by Michal
                        Zalewski.



                      The bug is fixed on 10 Apr 2018 for the openssh-7.4p1 : openssh security, bug fix, and enhancement update







                      share|improve this answer















                      share|improve this answer



                      share|improve this answer








                      edited Jul 3 at 21:35


























                      answered Jul 3 at 21:02









                      GAD3R

                      22k154891




                      22k154891







                      • 1




                        probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
                        – Jakuje
                        Jul 3 at 21:04










                      • @Jakuje thank you , I will edit
                        – GAD3R
                        Jul 3 at 21:04






                      • 2




                        But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
                        – Jakuje
                        Jul 3 at 21:08












                      • 1




                        probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
                        – Jakuje
                        Jul 3 at 21:04










                      • @Jakuje thank you , I will edit
                        – GAD3R
                        Jul 3 at 21:04






                      • 2




                        But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
                        – Jakuje
                        Jul 3 at 21:08







                      1




                      1




                      probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
                      – Jakuje
                      Jul 3 at 21:04




                      probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS
                      – Jakuje
                      Jul 3 at 21:04












                      @Jakuje thank you , I will edit
                      – GAD3R
                      Jul 3 at 21:04




                      @Jakuje thank you , I will edit
                      – GAD3R
                      Jul 3 at 21:04




                      2




                      2




                      But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
                      – Jakuje
                      Jul 3 at 21:08




                      But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :)
                      – Jakuje
                      Jul 3 at 21:08












                       

                      draft saved


                      draft discarded


























                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f453294%2fif-a-cve-database-lists-my-version-of-openssh-as-vulnerable-is-it-possible-that%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?