Debian DSA-1473-1 : scponly - design flaw

high Nessus Plugin ID 30065

Synopsis

The remote Debian host is missing a security-related update.

Description

Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350.

In addition, it was discovered that it was possible to invoke scp with certain options that may lead to the execution of arbitrary commands (CVE-2007-6415).

This update removes Subversion, rsync and Unison support from the scponly package, and prevents scp from being invoked with the dangerous options.

Solution

Upgrade the scponly package.

For the old stable distribution (sarge), these problems have been fixed in version 4.0-1sarge2.

For the stable distribution (etch), these problems have been fixed in version 4.6-1etch1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

https://security-tracker.debian.org/tracker/CVE-2007-6350

https://security-tracker.debian.org/tracker/CVE-2007-6415

https://www.debian.org/security/2008/dsa-1473

Plugin Details

Severity: High

ID: 30065

File Name: debian_DSA-1473.nasl

Version: 1.20

Type: local

Agent: unix

Published: 1/27/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:scponly, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/21/2008

Reference Information

CVE: CVE-2007-6350, CVE-2007-6415

CWE: 264, 94

DSA: 1473