GLSA-201801-05 : OpenSSH: Permission issue
Medium Nessus Plugin ID 105631
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201801-05 (OpenSSH: Permission issue)
The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode.
A remote attacker could cause the creation of zero-length files.
There is no known workaround at this time.
SolutionAll OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/openssh-7.5_p1-r3'