CVE-2007-6350

2007-12-1400:00:00

ubuntu.com

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.2%

JSON

scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking dangerous subcommands
including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally
demonstrated by creating a Subversion (SVN) repository with malicious
hooks, then using svn to trigger execution of those hooks.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/scponly/+bug/185035>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchscponly< 4.6-1etch1build0.6.06.1UNKNOWN
ubuntu7.10noarchscponly< 4.6-1.1UNKNOWN
ubuntu8.04noarchscponly< 4.6-1.1UNKNOWN
ubuntu8.10noarchscponly< 4.6-1.1UNKNOWN
ubuntu9.04noarchscponly< 4.6-1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	scponly	< 4.6-1etch1build0.6.06.1	UNKNOWN
ubuntu	7.10	noarch	scponly	< 4.6-1.1	UNKNOWN
ubuntu	8.04	noarch	scponly	< 4.6-1.1	UNKNOWN
ubuntu	8.10	noarch	scponly	< 4.6-1.1	UNKNOWN
ubuntu	9.04	noarch	scponly	< 4.6-1.1	UNKNOWN