Debian Security Advisory DSA 969-1 (scponly)
The remote host is missing an update to scponly announced via advisory DSA 969-1. Max Vozeller discovered a vulnerability in scponly, a utility to restrict user commands to scp and sftp, that could lead to the execution of arbitrary commands as root. The system is only vulnerable if the program...
[SECURITY] [DSA 969-1] New scponly packages fix potential root vulnerability
Debian Security Advisory DSA 969-1 [email protected] http://www.debian.org/security/ Martin Schulze February 13th, 2006 http://www.debian.org/security/faq -...
CVE-2005-4532
CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...