Debian DSA-1473-1 : scponly - design flaw

high Nessus Plugin ID 30065

Synopsis

The remote Debian host is missing a security-related update.

Description

Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350.

In addition, it was discovered that it was possible to invoke scp with certain options that may lead to the execution of arbitrary commands (CVE-2007-6415).

This update removes Subversion, rsync and Unison support from the scponly package, and prevents scp from being invoked with the dangerous options.

Solution

Upgrade the scponly package.

For the old stable distribution (sarge), these problems have been fixed in version 4.0-1sarge2.

For the stable distribution (etch), these problems have been fixed in version 4.6-1etch1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

https://security-tracker.debian.org/tracker/CVE-2007-6350

https://security-tracker.debian.org/tracker/CVE-2007-6415

https://www.debian.org/security/2008/dsa-1473

Plugin Details

Severity: High

ID: 30065

File Name: debian_DSA-1473.nasl

Version: 1.20

Type: local

Agent: unix

Published: 1/27/2008

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:scponly, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/21/2008

Reference Information

CVE: CVE-2007-6350, CVE-2007-6415

DSA: 1473

CWE: 94, 264