CVE-2007-6415

Related Files

Gentoo Linux Security Advisory 200802-6

Posted Feb 12, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200802-06 - Florian Weimer from Debian discovered that scponly does not filter the - -o and -F options to the scp executable (CVE-2007-6415). Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). Versions less than 4.8 are affected.

tags | advisory

systems | linux, debian, gentoo

advisories | CVE-2007-6350, CVE-2007-6415

SHA-256 | a696c82ee26ae1b4774c3444ce5bd51104032a4228186e327864756a10af101a

Download | Favorite | View

Debian Linux Security Advisory 1473-1

Posted Jan 22, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1473-1 - Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. In addition, it was discovered that it was possible to invoke with scp with certain options that may lead to execution of arbitrary commands.

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2007-6350, CVE-2007-6415

SHA-256 | d9be4f71e0b50b93a87ff659086059038cad0a27666c0ce9b4a91097ba5faf1c

Download | Favorite | View