This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200512-17
(scponly: Multiple privilege escalation issues)
Max Vozeler discovered that the scponlyc command allows users to chroot
into arbitrary directories. Furthermore, Pekka Pessi reported that
scponly insufficiently validates command-line parameters to a scp or
A local attacker could gain root privileges by chrooting into arbitrary
directories containing hardlinks to setuid programs. A remote scponly
user could also send malicious parameters to a scp or rsync command
that would allow to escape the shell restrictions and execute arbitrary
There is no known workaround at this time.
See also :
All scponly users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/scponly-4.2'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 20358 (gentoo_GLSA-200512-17.nasl)
CVE ID: CVE-2005-4532CVE-2005-4533
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.