Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 8.5
CVE Id CVE-2007-6350
Last Modified 08 Aug 2011 12:00:00
Published 14 Dec 2007 03:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-6350

Summary

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

Vulnerable Systems

Application

  • Scponly 4.2

  • Scponly 4.3

  • Scponly 4.4

  • Scponly 4.5

  • Scponly 4.6


References

FEDORA - FEDORA-2008-1728

FEDORA - FEDORA-2008-1743

VUPEN - ADV-2007-4243

SECTRACK - 1019103

BID - 26900

DEBIAN - DSA-1473

GENTOO - GLSA-200802-06

SECUNIA - 28981

SECUNIA - 28944

SECUNIA - 28538

SECUNIA - 28123

CONFIRM - http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup

OSVDB - 44137

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=201726

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148


Last Updated: 27 May 2016 10:46:28