First published: Fri Dec 14 2007
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Scponly Scponly | <=4.6 | |
Scponly Scponly | =4.3 | |
Scponly Scponly | =4.2 | |
Scponly Scponly | =4.5 | |
Scponly Scponly | =4.4 | |
CVE-2007-6350 is rated moderate severity; it could allow remote authenticated users to execute arbitrary code.
To fix CVE-2007-6350, upgrade to scponly version 4.7 or later.
CVE-2007-6350 allows the execution of dangerous subcommands such as unison, rsync, svn, and svnserve.
CVE-2007-6350 affects scponly versions 4.6 and earlier.
CVE-2007-6350 can enable remote authenticated users to bypass restrictions and gain unauthorized access.