OpenSSH < 7.6
Medium Nessus Plugin ID 103781
SynopsisThe SSH server running on the remote host is affected by a file creation restriction bypass vulnerability.
DescriptionAccording to its banner, the version of OpenSSH running on the remote host is prior to 7.6. It is, therefore, affected by a file creation restriction bypass vulnerability related to the 'process_open' function in the file 'sftp-server.c' that allows authenticated users to create zero-length files regardless of configuration.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to OpenSSH version 7.6 or later.