sftp-server read only permitting zero-length files to be created query

Chris High highc at us.ibm.com
Thu Oct 5 01:51:45 AEDT 2017


OpenSSH team,

The document:  http://www.openssh.com/txt/release-7.6
indicates:
   Security
   --------

    * sftp-server(8): in read-only mode, sftp-server was incorrectly
      permitting creation of zero-length files. Reported by Michal
      Zalewski.

But when I look here:  https://www.openssh.com/security.html
I don't see this item listed.  At what version was this security problem
introduced?  Or is this applicable to all versions older than 7.6?

Thanks -
  Chris


