blob: e6001dbcd3dba4c3ff02f6c9c149027d4e8e337c [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200802-06">
<title>scponly: Multiple vulnerabilities</title>
Multiple vulnerabilities in scponly allow authenticated users to bypass
security restrictions.
<product type="ebuild">scponly</product>
<announced>February 12, 2008</announced>
<revised>February 13, 2008: 02</revised>
<package name="net-misc/scponly" auto="yes" arch="*">
<unaffected range="ge">4.8</unaffected>
<vulnerable range="lt">4.8</vulnerable>
scponly is a shell for restricting user access to file transfer only
using sftp and scp.
Joachim Breitner reported that Subversion and rsync support invokes
subcommands in an insecure manner (CVE-2007-6350). It has also been
discovered that scponly does not filter the -o and -F options to the
scp executable (CVE-2007-6415).
<impact type="normal">
A local attacker could exploit these vulnerabilities to elevate
privileges and execute arbitrary commands on the vulnerable host.
There is no known workaround at this time.
All scponly users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/scponly-4.8&quot;</code>
Due to the design of scponly's Subversion support, security
restrictions can still be circumvented. Please read carefully the
SECURITY file included in the package.
<uri link="">CVE-2007-6350</uri>
<uri link="">CVE-2007-6415</uri>
<metadata tag="requester" timestamp="Wed, 23 Jan 2008 02:02:07 +0000">
<metadata tag="submitter" timestamp="Wed, 06 Feb 2008 10:51:42 +0000">
<metadata tag="bugReady" timestamp="Wed, 06 Feb 2008 10:51:57 +0000">