Executive Summary
| Summary | |
|---|---|
| Title | New scponly packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1473 | First vendor Publication | 2008-01-21 |
| Vendor | Debian | Last vendor Modification | 2008-01-21 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 8.5 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350. In addition, it was discovered that it was possible to invoke with scp with certain options that may lead to execution of arbitrary commands (CVE-2007-6415). This update removes Subversion, rsync and Unison support from the scponly package, and prevents scp from being invoked with the dangerous options. For the stable distribution (etch), these problems have been fixed in version 4.6-1etch1. For the old stable distribution (sarge), these problems have been fixed in version 4.0-1sarge2. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your scponly package. |
Original Source
| Url : http://www.debian.org/security/2008/dsa-1473 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18701 | |||
| Oval ID: | oval:org.mitre.oval:def:18701 | ||
| Title: | DSA-1473-1 scponly - arbitrary code execution | ||
| Description: | Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned <a href="http://security-tracker.debian.org/tracker/CVE-2007-6350">CVE-2007-6350</a>. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1473-1 CVE-2007-6350 CVE-2007-6415 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | scponly |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7732 | |||
| Oval ID: | oval:org.mitre.oval:def:7732 | ||
| Title: | DSA-1473 scponly -- design flaw | ||
| Description: | Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350. In addition, it was discovered that it was possible to invoke scp with certain options that may lead to the execution of arbitrary commands (CVE-2007-6415). This update removes Subversion, rsync and Unison support from the scponly package, and prevents scp from being invoked with the dangerous options. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1473 CVE-2007-6350 CVE-2007-6415 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | scponly |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-02-16 | Name : Fedora Update for scponly FEDORA-2008-1728 File : nvt/gb_fedora_2008_1728_scponly_fc7.nasl |
| 2009-02-16 | Name : Fedora Update for scponly FEDORA-2008-1743 File : nvt/gb_fedora_2008_1743_scponly_fc8.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200802-06 (scponly) File : nvt/glsa_200802_06.nasl |
| 2008-01-31 | Name : Debian Security Advisory DSA 1473-1 (scponly) File : nvt/deb_1473_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 44137 | scponly Multiple Subcommands Crafted Subversion (SVN) Repository Restriction ... |
| 42843 | scponly -Fo Restricted Shell Bypass Arbitrary Code Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1728.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1743.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200802-06.nasl - Type : ACT_GATHER_INFO |
| 2008-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1473.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:27:15 |
|
| 2013-05-11 12:17:42 |
|
