scponly: Multiple vulnerabilities
Gentoo Linux Security Advisory
||GLSA 200802-06 / scponly
||February 12, 2008
||February 13, 2008: 02
All supported architectures
Multiple vulnerabilities in scponly allow authenticated users to bypass
scponly is a shell for restricting user access to file transfer only
using sftp and scp.
Joachim Breitner reported that Subversion and rsync support invokes
subcommands in an insecure manner (CVE-2007-6350). It has also been
discovered that scponly does not filter the -o and -F options to the
scp executable (CVE-2007-6415).
A local attacker could exploit these vulnerabilities to elevate
privileges and execute arbitrary commands on the vulnerable host.
There is no known workaround at this time.
All scponly users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8"
Due to the design of scponly's Subversion support, security
restrictions can still be circumvented. Please read carefully the
SECURITY file included in the package.