8.5

CVE-2007-6350

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ScponlyScponly Version <= 4.6
ScponlyScponly Version4.2
ScponlyScponly Version4.3
ScponlyScponly Version4.4
ScponlyScponly Version4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.36% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
http://bugs.gentoo.org/show_bug.cgi?id=201726
http://osvdb.org/44137
http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup
http://secunia.com/advisories/28123
Vendor Advisory
http://secunia.com/advisories/28538
Vendor Advisory
http://secunia.com/advisories/28944
Vendor Advisory
http://secunia.com/advisories/28981
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200802-06.xml
http://www.debian.org/security/2008/dsa-1473
http://www.securityfocus.com/bid/26900
http://www.securitytracker.com/id?1019103
http://www.vupen.com/english/advisories/2007/4243
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html