[scponly] [CVE-2007-6350] [CVE-2007-6415] design flaw may lead to execution of arbitrary commands

Bug #185035 reported by disabled.user
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| scponly (Debian) | Fix Released | Unknown | | |
| scponly (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Dapper | Fix Released | High | Unassigned | |
| Edgy | Won't Fix | High | Unassigned | |
| Feisty | Won't Fix | High | Unassigned | |
| Gutsy | Won't Fix | Undecided | Unassigned | |
| Hardy | Fix Released | Undecided | Unassigned | |

Bug Description

Binary package hint: scponly

References:
DSA-1473-1 (http://www.debian.org/security/2008/dsa-1473)

Quoting:
"Joachim Breitner discovered that Subversion support in scponly is
inherently insecure, allowing execution of arbitrary commands. Further
investigation showed that rsync and Unison support suffer from similar
issues. This set of issues has been assigned CVE-2007-6350.

In addition, it was discovered that it was possible to invoke scp
with certain options that may lead to execution of arbitrary commands
(CVE-2007-6415).

This update removes Subversion, rsync and Unison support from the
scponly package, and prevents scp from being invoked with the dangerous
options."

Michael Bienia (geser) wrote :

For Hardy, CVE-2007-6415 will get fixed once scponly 4.6-1.2 gets synced from Debian unstable (see bug 185383).

Changed in scponly:
status: Unknown → Fix Released
William Grant (wgrant)
Changed in scponly:
status: New → Fix Released
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
importance: Undecided → High
status: New → Triaged
William Grant (wgrant) wrote :

CVE-2007-6350 is fixed in Gutsy, and both are fixed in Hardy.

Luca Falavigna (dktrkranz) wrote :

Edgy reached EOL on April 25th, 2008.

Changed in scponly:
status: Triaged → Won't Fix
LumpyCustard (orangelumpycustard) wrote :

Please could someone mark this as Won't Fix for Feisty?

Changed in scponly:
status: Triaged → Won't Fix
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in scponly (Ubuntu Gutsy):
status: New → Won't Fix
Changed in scponly (Ubuntu Dapper):
status: Triaged → Fix Committed
Jamie Strandboge (jdstrand) wrote :

scponly (4.6-1etch1build0.6.06.1) dapper-security; urgency=low

  * fake sync from Debian

scponly (4.6-1etch1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Remove rsync, Subversion and Unison support because it was possible
    to gain shell access through them (CVE-2007-6350). Closes: #437148.
  * scp: -o and -F options are dangerous (CVE-2007-6415).

 -- Jamie Strandboge < <email address hidden>> Wed, 07 Oct 2009 07:47:50 -0500

Changed in scponly (Ubuntu Dapper):
status: Fix Committed → Fix Released
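
The changelog above names -o and -F as the dangerous scp options (CVE-2007-6415). As an added example, not scponly's own code, here is a C check that a restricted shell could run over the requested scp argument vector before executing it; the function name, the TAKES_ARG table, the caller-supplied deny set and the sample command lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: scp option letters that consume a value (OpenSSH scp usage). */
static const char TAKES_ARG[] = "cFiloPS";

/* Hypothetical helper: return 1 if no option letter in `denied` is used,
 * 0 otherwise. Covers bundled flags ("-rF"), attached values ("-oX=y") and
 * options placed after operands (GNU getopt permutes argv). */
int scp_args_allowed(int argc, char *const argv[], const char *denied)
{
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (strcmp(a, "--") == 0)
            break;                      /* everything after "--" is an operand */
        if (a[0] != '-' || a[1] == '\0')
            continue;                   /* operand: keep scanning later words */
        for (const char *p = a + 1; *p; p++) {
            if (strchr(denied, *p))
                return 0;               /* denied letter used as an option */
            if (strchr(TAKES_ARG, *p)) {
                if (p[1] == '\0')
                    i++;                /* value is the next word: skip it */
                break;                  /* rest of this word is the value */
            }
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample command lines, as a restricted shell would see them. */
    char *const ok[]  = { "scp", "-r", "-t", "/upload" };
    char *const bad[] = { "scp", "-rF/tmp/cfg", "-t", "/upload" };
    printf("ok:  %s\n", scp_args_allowed(4, ok, "oF") ? "allow" : "deny");
    printf("bad: %s\n", scp_args_allowed(4, bad, "oF") ? "allow" : "deny");
    return 0;
}
```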