FKIE_CVE-2007-6350

Vulnerability from fkie_nvd - Published: 2007-12-14 20:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=201726
cve@mitre.orghttp://osvdb.org/44137
cve@mitre.orghttp://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup
cve@mitre.orghttp://secunia.com/advisories/28123Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28538Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28944Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28981Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200802-06.xml
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1473
cve@mitre.orghttp://www.securityfocus.com/bid/26900
cve@mitre.orghttp://www.securitytracker.com/id?1019103
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4243Vendor Advisory
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=201726
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/44137
af854a3a-2127-422b-91ae-364da2661108http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28123Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28538Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28944Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28981Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200802-06.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1473
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26900
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019103
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/4243Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
Impacted products
Vendor Product Version
scponly scponly *
scponly scponly 4.2
scponly scponly 4.3
scponly scponly 4.4
scponly scponly 4.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:scponly:scponly:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "117508D1-B46B-42BC-B782-FA07405AD92F",
              "versionEndIncluding": "4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:scponly:scponly:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9103A4C8-9706-4C9A-872A-8655A3E2C33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:scponly:scponly:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9647F5-2FA5-44ED-9D36-3C32BAB26CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:scponly:scponly:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE94CA7-C407-4C32-A012-71547850CA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:scponly:scponly:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9895B767-8B21-4992-9C78-BB682E50658C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks."
    },
    {
      "lang": "es",
      "value": "scponly versiones 4.6 y anteriores, permite a los usuarios autenticados remotos omitir las restricciones previstas y ejecutar c\u00f3digo invocando subcomandos peligrosos incluyendo (1) unison, (2) rsync, (3) svn, y (4) svnserve, como es demostrado originalmente mediante la creaci\u00f3n de un repositorio Subversion (SVN) con ganchos (hooks) maliciosos, luego usando svn para desencadenar la ejecuci\u00f3n de esos ganchos (hooks)."
    }
  ],
  "id": "CVE-2007-6350",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-14T20:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=201726"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/44137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28123"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28538"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28944"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28981"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200802-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1473"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26900"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4243"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=201726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/44137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200802-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.