sftp-server read only permitting zero-length files to be created query
Chris High
highc at us.ibm.com
Thu Oct 5 01:51:45 AEDT 2017
OpenSSH team,
The document: http://www.openssh.com/txt/release-7.6
indicates:
Security
- --------
* sftp-server(8): in read-only mode, sftp-server was incorrectly
permitting creation of zero-length files. Reported by Michal
Zalewski.
But when I look here: https://www.openssh.com/security.html
I don't see this item listed. At what version was this security problem
introduced? Or is this applicable to all versions older than 7.6?
Thanks -
Chris
More information about the openssh-unix-dev
mailing list