8.5
CVE-2007-6415
- EPSS 3.67%
- Veröffentlicht 25.01.2008 00:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.67% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.5 | 8 | 9.2 |
AV:N/AC:L/Au:S/C:C/I:C/A:N
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
http://secunia.com/advisories/28538
http://secunia.com/advisories/28944
http://secunia.com/advisories/28981
http://security.gentoo.org/glsa/glsa-200802-06.xml
http://www.debian.org/security/2008/dsa-1473
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
http://bugs.gentoo.org/show_bug.cgi?id=203099