1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200802-06 / scponly |
| Release Date | February 12, 2008 |
| Latest Revision | February 13, 2008: 02 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-misc/scponly | < 4.8 | >= 4.8 | All supported architectures |
Related bugreports: #201726, #203099
Multiple vulnerabilities in scponly allow authenticated users to bypass security restrictions.
scponly is a shell for restricting user access to file transfer only using sftp and scp.
Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). It has also been discovered that scponly does not filter the -o and -F options to the scp executable (CVE-2007-6415).
A local attacker could exploit these vulnerabilities to elevate privileges and execute arbitrary commands on the vulnerable host.
There is no known workaround at this time.
All scponly users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8" |
Due to the design of scponly's Subversion support, security restrictions can still be circumvented. Please read carefully the SECURITY file included in the package.