Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1473-1
HistoryJan 21, 2008 - 12:00 a.m.

scponly - arbitrary code execution

2008-01-2100:00:00
Google
osv.dev
3

0.021 Low

EPSS

Percentile

89.2%

JSON

Joachim Breitner discovered that Subversion support in scponly is
inherently insecure, allowing execution of arbitrary commands. Further
investigation showed that rsync and Unison support suffer from similar
issues. This set of issues has been assigned CVE-2007-6350.

In addition, it was discovered that it was possible to invoke scp
with certain options that may lead to the execution of arbitrary commands
(CVE-2007-6415).

This update removes Subversion, rsync and Unison support from the
scponly package, and prevents scp from being invoked with the dangerous
options.

For the old stable distribution (sarge), these problems have been fixed
in version 4.0-1sarge2.

For the stable distribution (etch), these problems have been fixed in
version 4.6-1etch1.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your scponly package.

CPENameOperatorVersion
scponlyeq4.6-1

Related

nessus 4
openvas 8
fedora 2
securityvulns 2
gentoo 1
debian 1
prion 2
nvd 2
cve 2
ubuntucve 2
cvelist 2
altlinux 2
nessus
nessus
Fedora 8 : scponly-4.6-10.fc8 (2008-1743)
2008-02-18 00:00:00
Fedora 7 : scponly-4.6-10.fc7 (2008-1728)
2008-02-18 00:00:00
GLSA-200802-06 : scponly: Multiple vulnerabilities
2008-02-14 00:00:00
openvas
openvas
Fedora Update for scponly FEDORA-2008-1743
2009-02-16 00:00:00
Debian: Security Advisory (DSA-1473-1)
2008-01-31 00:00:00
Debian Security Advisory DSA 1473-1 (scponly)
2008-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: scponly-4.6-10.fc8
2008-02-16 02:09:08
[SECURITY] Fedora 7 Update: scponly-4.6-10.fc7
2008-02-16 02:14:48
securityvulns
securityvulns
scponly privilege escalation
2008-01-22 00:00:00
[SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution
2008-01-22 00:00:00
gentoo
gentoo
scponly: Multiple vulnerabilities
2008-02-12 00:00:00
debian
debian
[SECURITY] [DSA 1473-1] New scponly packages fix arbitrary code execution
2008-01-21 19:33:26
prion
prion
Code injection
2008-01-25 00:00:00
Design/Logic Flaw
2007-12-14 20:46:00
nvd
nvd
CVE-2007-6415
2008-01-25 00:00:00
CVE-2007-6350
2007-12-14 20:46:00
cve
cve
CVE-2007-6415
2008-01-25 00:00:00
CVE-2007-6350
2007-12-14 20:46:00
ubuntucve
ubuntucve
CVE-2007-6415
2008-01-25 00:00:00
CVE-2007-6350
2007-12-14 00:00:00
cvelist
cvelist
CVE-2007-6350
2007-12-14 20:00:00
CVE-2007-6415
2008-01-24 23:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package scponly version 4.8-alt2
2009-07-19 00:00:00
Security fix for the ALT Linux 6 package scponly version 4.8-alt1
2008-02-05 00:00:00

0.021 Low

EPSS

Percentile

89.2%

JSON
Related for OSV:DSA-1473-1
nessus4openvas8fedora2securityvulns2gentoo1debian1prion2nvd2cve2ubuntucve2cvelist2altlinux2