scponly scp -S Arbitrary Remote Command Execution

2004-12-02T09:10:47
ID OSVDB:12183
Type osvdb
Reporter Jason Wies(jason@xc.net)
Modified 2004-12-02T09:10:47

Description

Vulnerability Description

scponly contains a flaw that may allow a remote malicious user to bypass certain security restrictions. The issue is triggered when 'scp -S' is used with scponly. The problem is that some of the predefined applications support flags (-S), which allow command execution. It is possible that the flaw may allow an attacker to bypass the shell restriction and execute arbitrary commands resulting in a loss of integrity.

Solution Description

Upgrade to version 4.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

scponly contains a flaw that may allow a remote malicious user to bypass certain security restrictions. The issue is triggered when 'scp -S' is used with scponly. The problem is that some of the predefined applications support flags (-S), which allow command execution. It is possible that the flaw may allow an attacker to bypass the shell restriction and execute arbitrary commands resulting in a loss of integrity.

References:

Vendor URL: http://www.sublimation.org/scponly/ Security Tracker: 1012418 Secunia Advisory ID:13369 Secunia Advisory ID:13364 Related OSVDB ID: 12182 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200412-01.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0020.html ISS X-Force ID: 18362 CVE-2004-1162