Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4533

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4533
Last Modified 05 Sep 2008 04:57:08
Published 27 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4533

Summary

Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatability are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.

Vulnerable Systems

Application

  • Scponly 2.0

  • Scponly 2.1

  • Scponly 3.0

  • Scponly 3.11

  • Scponly 3.5

  • Scponly 3.8

  • Scponly 3.9

  • Scponly 4.1


References

SECUNIA - 18223

CONFIRM - http://sublimation.org/scponly/#relnotes

XF - scponly-escape-shell-restrictions(23875)

BID - 16051

GENTOO - GLSA-200512-17

SECUNIA - 18236


Last Updated: 27 May 2016 10:41:20