CVE 2007-6415
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
Related bugs and status
CVE-2007-6415 (Candidate) is related to these bugs:
Bug #185035: [scponly] [CVE-2007-6350] [CVE-2007-6415] design flaw may lead to execution of arbitrary commands
Bug #249593: CVE-2007-6415 - scponly allows remote command execution
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
249593 | CVE-2007-6415 - scponly allows remote command execution | scponly (Ubuntu) | Undecided | Invalid | ||
249593 | CVE-2007-6415 - scponly allows remote command execution | scponly (Ubuntu Dapper) | Undecided | Fix Released | ||
249593 | CVE-2007-6415 - scponly allows remote command execution | scponly (Ubuntu Feisty) | Undecided | Won't Fix | ||
249593 | CVE-2007-6415 - scponly allows remote command execution | scponly (Ubuntu Gutsy) | Undecided | Won't Fix |
See the
CVE page on Mitre.org
for more details.