CVE Vulnerability

CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 9.2

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact NONE

Scope

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148 Exploit
http://www.debian.org/security/2008/dsa-1473
http://secunia.com/advisories/28538 Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200802-06.xml
http://bugs.gentoo.org/show_bug.cgi?id=203099
http://secunia.com/advisories/28944
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
http://secunia.com/advisories/28981
Configurations

Configuration 1

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Information

Published : 2008-01-25 12:00

Updated : 2008-09-05 09:33

NVD link : CVE-2007-6415

Mitre link : CVE-2007-6415

Products Affected
No products.
CWE
CWE-94