LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

scponly: arbitrary command execution

Package(s):scponly CVE #(s):CVE-2007-6350 CVE-2007-6415
Created:January 22, 2008 Updated:February 18, 2008
Description: scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. (CVE-2007-6350)

In addition, it was discovered that it was possible to invoke with scp with certain options that may lead to execution of arbitrary commands. (CVE-2007-6415).

Alerts:
Gentoo 200802-06 2008-02-12
Fedora FEDORA-2008-1743 2008-02-15
Fedora FEDORA-2008-1728 2008-02-15
Debian DSA-1473 2008-01-21
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds