Denial of service in openssh (Alpine package)

1) Denial of service

EUVDB-ID: #VU9333

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-15906

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the process_open() function due to improper prevention of write operations in read-only mode. A remote attacker can create zero-length files and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

openssh (Alpine package): 6.1_p1-r0 - 7.2_p2-r4

CPE2.3

• cpe:2.3:o:alpine:openssh_alpine_package:6.1_p1-r0:*:*:*:*:alpine_linux:*:2.4
• cpe:2.3:o:alpine:openssh_alpine_package:6.1_p1-r1:*:*:*:*:alpine_linux:*:2.4
• cpe:2.3:o:alpine:openssh_alpine_package:6.1_p1-r2:*:*:*:*:alpine_linux:*:2.4

External links

https://git.alpinelinux.org/aports/commit/?id=41b4f2fefdc60865e8d4d1e5f7417a93cbf988dd
https://git.alpinelinux.org/aports/commit/?id=c314d18b4e1c932d8670c49f265f919242b7a17b
https://git.alpinelinux.org/aports/commit/?id=2faa284e53851f31d06fbb36a9853d4622b701f4
https://git.alpinelinux.org/aports/commit/?id=5194cd0c57ce48536e2789ee281c71252f4e0236
https://git.alpinelinux.org/aports/commit/?id=b5a87ce053216868f8f57117d7372db9967abd09
https://git.alpinelinux.org/aports/commit/?id=b27b200a592ab680135f012a56359d52d2540b09
https://git.alpinelinux.org/aports/commit/?id=cd9e926efc77d1b155c76c221d3d06dace296953

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.