CVE-2007-6350

Published: Dec 14, 2007Modified: Apr 23, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

Affected (5)

Products: Scponly: Scponly

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Scponly Scponly	Up to 4.6
Scponly Scponly	Version 4.2
Scponly Scponly	Version 4.3
Scponly Scponly	Version 4.4
Scponly Scponly	Version 4.5

Related CWEs

References (30)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

Source: cve@mitre.org

http://bugs.gentoo.org/show_bug.cgi?id=201726

Source: cve@mitre.org

http://osvdb.org/44137

Source: cve@mitre.org

http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup

Source: cve@mitre.org

http://secunia.com/advisories/28123

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28538

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28944

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28981

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200802-06.xml

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1473

Source: cve@mitre.org

http://www.securityfocus.com/bid/26900

Source: cve@mitre.org

http://www.securitytracker.com/id?1019103

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/4243

Source: cve@mitre.org

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.gentoo.org/show_bug.cgi?id=201726

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/44137

Source: af854a3a-2127-422b-91ae-364da2661108

http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28123

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28538

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28944

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28981

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200802-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1473

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26900

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019103

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/4243

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.