Re: sftp-server read only permitting zero-length files to be created query

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 4 Oct 2017, Chris High wrote:

> 
> OpenSSH team,
> 
> The document:  http://www.openssh.com/txt/release-7.6
> indicates:
>    Security
>    - --------
> 
>     * sftp-server(8): in read-only mode, sftp-server was incorrectly
>       permitting creation of zero-length files. Reported by Michal
>       Zalewski.
> 
> But when I look here:  https://www.openssh.com/security.html
> I don't see this item listed.

I've just committed the security.html updated

> At what version was this security problem
> introduced?  Or is this applicable to all versions older than 7.6?

All versions that support the read-only mode, so 5.5 onwards
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux