Support Content Notification - Support Portal

BSA-2018-538

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21486

Last Updated

20 September 2019

Initial Publication Date

27 February 2018

Status

Closed

Severity

Low

CVSS Base Score

5.3

WorkAround

Yes

Affected CVE

CVE-2017-15906

Summary

Security Advisory ID : BSA-2018-538

Component : OpenSSH

Revision : 2.0: Final

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Affected Products
Security updates have been provided in Brocade Fabric OS versions 8.2.2,8.2.1c,8.1.2h,7.4.2e and Ficon Patches 7.4.2a7, 8.1.2a7 8.2.0a4

Products Confirmed Not Vulnerable
Brocade Manageability Products are Not affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	February 27, 2018
2.0	Updated with all releases	September 20, 2019