https://nvd.nist.gov/vuln/detail/CVE-2017-15906 - Has not been fixed in FreeBSD 11.x Is there a special reason for this or was it forgotten? These are the mentioned lines: https://svnweb.freebsd.org/base/releng/11.2/crypto/openssh/sftp-server.c?view=markup#l694 A fix is availible (and has been released with v7.6 - so FBSD 12 isn't vulnerable) - see: https://github.com/vmware/photon/blob/master/SPECS/openssh/openssh-CVE-2017-15906.patch or from OpenBSD: https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
See Also: http://lists.nycbug.org/pipermail/talk/2017-December/017442.html where eadler apparently looped secteam in
HEAD received the OpenSSH 7.6p1 update in base r333389 so stable/12 has it
bump..
...
A commit references this bug: Author: emaste Date: Fri Dec 13 20:45:46 UTC 2019 New revision: 355731 URL: https://svnweb.freebsd.org/changeset/base/355731 Log: sftp: disallow creation (of empty files) in read-only mode Direct commit to stable/11; already fixed in newer OpenSSH in 12 and later. PR: 233801 Reported by: Dani Obtained from: OpenBSD 1.111 Security: CVE-2017-15906 Changes: stable/11/crypto/openssh/sftp-server.c