8.5

CVE-2007-6415

Exploit
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.67% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 8 9.2
AV:N/AC:L/Au:S/C:C/I:C/A:N
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
Exploit
http://secunia.com/advisories/28538
Patch
Vendor Advisory
http://secunia.com/advisories/28944
http://secunia.com/advisories/28981
http://security.gentoo.org/glsa/glsa-200802-06.xml
http://www.debian.org/security/2008/dsa-1473
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
http://bugs.gentoo.org/show_bug.cgi?id=203099