8.5

CVE-2007-6350

EPSS 0.84%
Veröffentlicht 14.12.2007 20:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 18

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Scponly ≫ Scponly Version <= 4.6

Scponly ≫ Scponly Version4.2

Scponly ≫ Scponly Version4.3

Scponly ≫ Scponly Version4.4

Scponly ≫ Scponly Version4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.725

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

http://bugs.gentoo.org/show_bug.cgi?id=201726

http://osvdb.org/44137

http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup

http://secunia.com/advisories/28123

Vendor Advisory

http://secunia.com/advisories/28538

Vendor Advisory

http://secunia.com/advisories/28944

Vendor Advisory

http://secunia.com/advisories/28981

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200802-06.xml

http://www.debian.org/security/2008/dsa-1473

http://www.securityfocus.com/bid/26900

http://www.securitytracker.com/id?1019103

http://www.vupen.com/english/advisories/2007/4243

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html

https://nvd.nist.gov/vuln/detail/CVE-2007-6350

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6350

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6350

EUVD