Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via getopt style argument specifications, which are not filtered.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Scponly | Scponly | 2.0 (including) | 2.0 (including) |
| Scponly | Scponly | 2.1 (including) | 2.1 (including) |
| Scponly | Scponly | 3.0 (including) | 3.0 (including) |
| Scponly | Scponly | 3.5 (including) | 3.5 (including) |
| Scponly | Scponly | 3.8 (including) | 3.8 (including) |
| Scponly | Scponly | 3.9 (including) | 3.9 (including) |
| Scponly | Scponly | 3.11 (including) | 3.11 (including) |
| Scponly | Scponly | 4.1 (including) | 4.1 (including) |
| Scponly | Ubuntu | dapper | * |
| Scponly | Ubuntu | devel | * |
| Scponly | Ubuntu | edgy | * |
| Scponly | Ubuntu | feisty | * |
References
- http://secunia.com/advisories/18223
- http://secunia.com/advisories/18236
- http://sublimation.org/scponly/#relnotes
- http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml
- http://www.securityfocus.com/bid/16051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23875
- http://secunia.com/advisories/18223
- http://secunia.com/advisories/18236
- http://sublimation.org/scponly/#relnotes
- http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml
- http://www.securityfocus.com/bid/16051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23875