Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 203099 (CVE-2007-6415)

Summary: net-misc/scponly < 4.8 OpenSSH Security bypas (CVE-2007-6415)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: matsuu
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00034.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
scponly-CVE-2007-6415.patch none

Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-22 22:38:36 UTC 
Florian Weimer discovered the following vulnerability:

scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking scp, as implemented
by OpenSSH, with the -F and -o options.

This issue is currently under embargo, no release date set.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-06 18:43:15 UTC 
Seems like a B2 to me (arbitrary command execution).
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-22 23:45:40 UTC 
Created attachment 141623 [details, diff]
scponly-CVE-2007-6415.patch

Part of the Debian diff.gz
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-01-22 23:46:59 UTC 
Matsuu, please update the ebuild. I assume the patch attached above is the fix for this vulnerability, but if you can have a look again, please do.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-01-23 01:53:17 UTC 
Comment on attachment 141623 [details, diff]
scponly-CVE-2007-6415.patch

The above patch is not enough, see
https://bugzilla.redhat.com/show_bug.cgi?id=426072
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-01-23 02:02:29 UTC 
Good thing to know, the patch is already in our stable 4.8.

GLSA request filed.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-23 09:04:11 UTC 
Lets do a GLSA with #201726. Commented on the GLSA request.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 21:09:24 UTC 
GLSA 200802-06, sorry for the delay.