Summary: | net-misc/scponly < 4.8 OpenSSH Security bypass (CVE-2007-6415)
---|---
Product: | Gentoo Security
Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
CC: | matsuu
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00034.html
Whiteboard: | B2 [glsa]
Package list: |
Runtime testing required: | ---
Attachments: |

Description
Robert Buchholz (RETIRED)
2007-12-22 22:38:36 UTC
Seems like a B2 to me (arbitrary command execution).

Created attachment 141623
scponly-CVE-2007-6415.patch
Part of the Debian diff.gz

Matsuu, please update the ebuild. I assume the patch attached above is the fix for this vulnerability, but if you can have a look again, please do.

Comment on attachment 141623
scponly-CVE-2007-6415.patch
The above patch is not enough, see https://bugzilla.redhat.com/show_bug.cgi?id=426072

Good thing to know, the patch is already in our stable 4.8.

GLSA request filed.

Let's do a GLSA with #201726.

Commented on the GLSA request.

GLSA 200802-06, sorry for the delay.