Upstream information
Description
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 8.5 |
Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Access Vector | Network |
Access Complexity | Medium |
Authentication | Single |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:44:32 2013CVE page last modified: Fri Oct 7 12:45:39 2022