GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Feb 12, 2008 10:26 pm Post subject: [ GLSA 200802-06 ] scponly: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: scponly: Multiple vulnerabilities (GLSA 200802-06)
Severity: normal
Exploitable: local
Date: February 12, 2008
Updated: February 13, 2008
Bug(s): #201726, #203099
ID: 200802-06
Synopsis
Multiple vulnerabilities in scponly allow authenticated users to bypass security restrictions.
Background
scponly is a shell for restricting user access to file transfer only using sftp and scp.
Affected Packages
Package: net-misc/scponly
Vulnerable: < 4.8
Unaffected: >= 4.8
Architectures: All supported architectures
Description
Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). It has also been discovered that scponly does not filter the -o and -F options to the scp executable (CVE-2007-6415).
Impact
A local attacker could exploit these vulnerabilities to elevate privileges and execute arbitrary commands on the vulnerable host.
Workaround
There is no known workaround at this time.
Resolution
All scponly users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8" |
Due to the design of scponly's Subversion support, security restrictions can still be circumvented. Please read carefully the SECURITY file included in the package.
References
CVE-2007-6350
CVE-2007-6415
Last edited by GLSA on Thu Feb 14, 2008 4:18 am; edited 1 time in total |
|
News & Announcements
