Re: OSVDB-166706
Hi
On Mon, Nov 13, 2017 at 09:19:45PM +0100, Bastian Blank wrote:
> On Mon, Nov 13, 2017 at 12:57:48PM +0000, Adam Weremczuk wrote:
> > Our quarterly PCI compliance scan has just challenged us on the following:
> > https://vulners.com/nessus/OPENSSH_76.NASL
> > Also referred to as OSVDB-166706.
>
> The only security fix in OpenSSH 7.6 is:
> | * sftp-server(8): in read-only mode, sftp-server was incorrectly
> | permitting creation of zero-length files. Reported by Michal
> | Zalewski.
>
> > As it's quite new I can't find much information on it online in terms of
> > potential hotfixes and workarounds.
>
> There seems to be no CVE id, so it may not really show up on the radar.
JFTR, this should be CVE-2017-15906.
Regards,
Salvatore