OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability

Bugtraq ID: 101552
Class: Design Error
CVE: CVE-2017-15906
Remote: Yes
Local: No
Published: Oct 03 2017 12:00AM
Updated: Nov 22 2017 09:08AM
Credit: Michal Zalewski.
Vulnerable: OpenSSH OpenSSH 4.2
OpenSSH OpenSSH 4.1
OpenSSH OpenSSH 4.0 p1
OpenSSH OpenSSH 4.0
OpenSSH OpenSSH 3.9 p1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
OpenSSH OpenSSH 3.8.1 p1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
OpenSSH OpenSSH 3.7.1
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.7 .1p2
OpenSSH OpenSSH 3.7
OpenSSH OpenSSH 3.6.1
+ Novell Netware 6.5
OpenSSH OpenSSH 3.5
OpenSSH OpenSSH 3.4 p1-5
OpenSSH OpenSSH 3.4
OpenSSH OpenSSH 3.3
+ Openwall Openwall GNU/*/Linux (Owl)-current
OpenSSH OpenSSH 3.1
OpenSSH OpenSSH 3.0.2 p1
+ Guardian Digital Engarde Secure Linux 1.0.1
+ HP VirtualVault 4.6
OpenSSH OpenSSH 3.0.2
- Debian Linux 3.0
+ FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
+ FreeBSD FreeBSD 4.5 -RELEASE
+ OpenPKG OpenPKG 1.0
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ SuSE Linux 8.0
OpenSSH OpenSSH 3.0.1 p1
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 3.0
OpenSSH OpenSSH 2.9
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
OpenSSH OpenSSH 2.5.2
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
- SuSE Linux 7.0 sparc
- SuSE Linux 7.0 ppc
- SuSE Linux 7.0 i386
- SuSE Linux 7.0 alpha
- SuSE Linux 6.4 ppc
- SuSE Linux 6.4 i386
- SuSE Linux 6.4 alpha
OpenSSH OpenSSH 2.2 .0p1
OpenSSH OpenSSH 2.2
+ NetBSD NetBSD 1.5
OpenSSH OpenSSH 2.1.1
+ SuSE Linux 7.0 sparc
+ SuSE Linux 7.0 ppc
+ SuSE Linux 7.0 i386
+ SuSE Linux 7.0 alpha
OpenSSH OpenSSH 2.1
OpenSSH OpenSSH 1.2.3
+ Blue Coat Systems Security Gateway OS 2.1.5001 SP1
OpenSSH OpenSSH 1.2.2
OpenSSH OpenSSH 7.4
OpenSSH OpenSSH 7.3
OpenSSH OpenSSH 7.2
OpenSSH OpenSSH 7.1p1
OpenSSH OpenSSH 7.1
OpenSSH OpenSSH 7.0
OpenSSH OpenSSH 6.9p1
OpenSSH OpenSSH 6.9
OpenSSH OpenSSH 6.8
OpenSSH OpenSSH 6.7
+ NetBSD NetBSD 1.5.1
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Live-CD for Firewall
+ S.u.S.E. SuSE eMail Server III
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.6
- SCO Open Server 5.0.5
- SCO Open Server 5.0.4
- SCO Open Server 5.0.3
- SCO Open Server 5.0.2
- SCO Open Server 5.0.1
- SCO Open Server 5.0
+ SuSE Linux 7.3
+ SuSE Linux 7.2
+ SuSE Linux 7.1
+ SuSE SUSE Linux Enterprise Server 7
OpenSSH OpenSSH 6.6
OpenSSH OpenSSH 6.5
OpenSSH OpenSSH 6.4
OpenSSH OpenSSH 6.3
OpenSSH OpenSSH 6.2
OpenSSH OpenSSH 6.1
OpenSSH OpenSSH 6.0
OpenSSH OpenSSH 5.8 p2
OpenSSH OpenSSH 5.8
OpenSSH OpenSSH 5.7
OpenSSH OpenSSH 5.6
OpenSSH OpenSSH 5.5
OpenSSH OpenSSH 5.4
OpenSSH OpenSSH 5.3
OpenSSH OpenSSH 5.1
OpenSSH OpenSSH 5.0
OpenSSH OpenSSH 4.9
OpenSSH OpenSSH 4.8
OpenSSH OpenSSH 4.7
OpenSSH OpenSSH 4.6
OpenSSH OpenSSH 4.5
OpenSSH OpenSSH 4.4.p1
OpenSSH OpenSSH 4.4
OpenSSH OpenSSH 4.3.0
OpenSSH OpenSSH 4.2p1
OpenSSH OpenSSH 1.127
OpenSSH OpenSSH 1.126
IBM Vios 2.2.3
IBM Vios 2.2.1 4
IBM Vios 2.2
IBM Vios 2.2.4.0
IBM Vios 2.2.3.50
IBM Vios 2.2.3.4
IBM Vios 2.2.3.3
IBM Vios 2.2.3.2
IBM Vios 2.2.3.0
IBM Vios 2.2.2.6
IBM Vios 2.2.2.5
IBM Vios 2.2.2.4
IBM Vios 2.2.2.0
IBM Vios 2.2.1.9
IBM Vios 2.2.1.8
IBM Vios 2.2.1.3
IBM Vios 2.2.1.1
IBM Vios 2.2.1.0
IBM Vios 2.2.0.13
IBM Vios 2.2.0.12
IBM Vios 2.2.0.11
IBM Vios 2.2.0.10
IBM Aix 7.2
IBM AIX 7.1
IBM AIX 6.1
IBM AIX 5.3
Not Vulnerable: OpenSSH OpenSSH 7.6


 

Privacy Statement
Copyright 2010, SecurityFocus