[2/5] scponly Command Passthrough Security Bypass

December 17th, 2007 by

[2/5] scponly Command Passthrough Security Bypass

:A security issue has been reported in scponly, which can be exploited by malicious, local users to bypass certain security restrictions.The security issue is caused due to the unsafe execution of certain programs (e.g. svn, svnserve, rsync or unison) and can be exploited to execute arbitrary programs via various parameters.The security issue is reported in version 4.6. Other versions may also be affected.Solution:Fixed in the CVS repository. Follow the recommendations contained within the updated SECURITY document.http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markupProvided and/or discovered by:Joachim BreitnerOriginal Advisory:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

Original post by amit

[2/5] scponly Command Passthrough Security Bypass

Related Articles:

[2/5] Gentoo update for scponly

[2/5] Fedora update for scponly

[2/5] Debian update for scponly

[2/5] HP StorageWorks Command View Advanced Edition for XP Unauthorized User Account Access

[1/5] Sun Solaris scp Command Line Shell Command Injection

Posted in Advisories - Exploits | | [2/5] scponly Command Passthrough Security Bypass

<< [3/5] phpRPG SQL Injection and Information Disclosure | [3/5] exiftags Multiple Vulnerabilities >>

Cybertrion Systems

[2/5] scponly Command Passthrough Security Bypass

Categories

Archives:

Search:

Meta: