Vulnerability Description
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
CVSS Score
8.5
HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 3.1 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148Exploit
- http://bugs.gentoo.org/show_bug.cgi?id=203099
- http://secunia.com/advisories/28538PatchVendor Advisory
- http://secunia.com/advisories/28944
- http://secunia.com/advisories/28981
- http://security.gentoo.org/glsa/glsa-200802-06.xml
- http://www.debian.org/security/2008/dsa-1473
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.h
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.h
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148Exploit
- http://bugs.gentoo.org/show_bug.cgi?id=203099
- http://secunia.com/advisories/28538PatchVendor Advisory
- http://secunia.com/advisories/28944
- http://secunia.com/advisories/28981
- http://security.gentoo.org/glsa/glsa-200802-06.xml
FAQ
What is CVE-2007-6415?
CVE-2007-6415 is a vulnerability with a CVSS score of 8.5 (HIGH). scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
How severe is CVE-2007-6415?
CVE-2007-6415 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6415?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux.