Back to search
CVE-2007-6350
Published: Dec 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26900
vdb-entry
x_refsource_BID
DSA-1473
vendor-advisory
x_refsource_DEBIAN
http://bugs.gentoo.org/show_bug.cgi?id=201726
x_refsource_CONFIRM
http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup
x_refsource_CONFIRM
ADV-2007-4243
vdb-entry
x_refsource_VUPEN
GLSA-200802-06
vendor-advisory
x_refsource_GENTOO
28123
third-party-advisory
x_refsource_SECUNIA
44137
vdb-entry
x_refsource_OSVDB
1019103
vdb-entry
x_refsource_SECTRACK
28944
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-1728
vendor-advisory
x_refsource_FEDORA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
x_refsource_CONFIRM
28538
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-1743
vendor-advisory
x_refsource_FEDORA
28981
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now