Gentoo Logo

scponly: Multiple vulnerabilities

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200802-06 / scponly
Release Date February 12, 2008
Latest Revision February 13, 2008: 02
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/scponly < 4.8 >= 4.8 All supported architectures

Related bugreports: #201726, #203099

Synopsis

Multiple vulnerabilities in scponly allow authenticated users to bypass security restrictions.

2.  Impact Information

Background

scponly is a shell for restricting user access to file transfer only using sftp and scp.

Description

Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). It has also been discovered that scponly does not filter the -o and -F options to the scp executable (CVE-2007-6415).

Impact

A local attacker could exploit these vulnerabilities to elevate privileges and execute arbitrary commands on the vulnerable host.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All scponly users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8"

Due to the design of scponly's Subversion support, security restrictions can still be circumvented. Please read carefully the SECURITY file included in the package.

4.  References

Print

Page updated February 12, 2008

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.