SB2017121537 - Denial of service in openssh (Alpine package)
Published: December 15, 2017
Security Bulletin ID
SB2017121537
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2017-15906)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists in the process_open() function due to improper prevention of write operations in read-only mode. A remote attacker can create zero-length files and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=41b4f2fefdc60865e8d4d1e5f7417a93cbf988dd
- https://git.alpinelinux.org/aports/commit/?id=c314d18b4e1c932d8670c49f265f919242b7a17b
- https://git.alpinelinux.org/aports/commit/?id=2faa284e53851f31d06fbb36a9853d4622b701f4
- https://git.alpinelinux.org/aports/commit/?id=5194cd0c57ce48536e2789ee281c71252f4e0236
- https://git.alpinelinux.org/aports/commit/?id=b5a87ce053216868f8f57117d7372db9967abd09
- https://git.alpinelinux.org/aports/commit/?id=b27b200a592ab680135f012a56359d52d2540b09
- https://git.alpinelinux.org/aports/commit/?id=cd9e926efc77d1b155c76c221d3d06dace296953