Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 203099 (CVE-2007-6415) - net-misc/scponly < 4.8 OpenSSH Security bypas (CVE-2007-6415)
Summary: net-misc/scponly < 4.8 OpenSSH Security bypas (CVE-2007-6415)
Alias: CVE-2007-6415
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2007-12-22 22:38 UTC by Robert Buchholz (RETIRED)
Modified: 2008-02-12 21:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

scponly-CVE-2007-6415.patch (scponly-CVE-2007-6415.patch,382 bytes, patch)
2008-01-22 23:45 UTC, Robert Buchholz (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-22 22:38:36 UTC
Florian Weimer discovered the following vulnerability:

scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking scp, as implemented
by OpenSSH, with the -F and -o options.

This issue is currently under embargo, no release date set.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-06 18:43:15 UTC
Seems like a B2 to me (arbitrary command execution).
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-22 23:45:40 UTC
Created attachment 141623 [details, diff]

Part of the Debian diff.gz
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-01-22 23:46:59 UTC
Matsuu, please update the ebuild. I assume the patch attached above is the fix for this vulnerability, but if you can have a look again, please do.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-01-23 01:53:17 UTC
Comment on attachment 141623 [details, diff]

The above patch is not enough, see
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-01-23 02:02:29 UTC
Good thing to know, the patch is already in our stable 4.8.

GLSA request filed.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-23 09:04:11 UTC
Lets do a GLSA with #201726. Commented on the GLSA request.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 21:09:24 UTC
GLSA 200802-06, sorry for the delay.