The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. (CVE-2017-15906)
Impact
BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, LineRate, and ARX
There is no impact; these F5 products are not affected by this vulnerability.
Traffix SDC
The attacker may be allowed to create zero-length files on the system when the vulnerability is exploited.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.10 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.5.5 | |
big-ip afm | eq | 11.5.6 | |
big-ip afm | eq | 11.5.7 | |
big-ip afm | eq | 11.5.8 | |
big-ip afm | eq | 11.5.9 |