Florian Weimer discovered the following vulnerability: scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking scp, as implemented by OpenSSH, with the -F and -o options. This issue is currently under embargo, no release date set.
Seems like a B2 to me (arbitrary command execution).
Created attachment 141623 [details, diff] scponly-CVE-2007-6415.patch Part of the Debian diff.gz
Matsuu, please update the ebuild. I assume the patch attached above is the fix for this vulnerability, but if you can have a look again, please do.
Comment on attachment 141623 [details, diff] scponly-CVE-2007-6415.patch The above patch is not enough, see https://bugzilla.redhat.com/show_bug.cgi?id=426072
Good thing to know, the patch is already in our stable 4.8. GLSA request filed.
Lets do a GLSA with #201726. Commented on the GLSA request.
GLSA 200802-06, sorry for the delay.