Debian: New scponly packages fix arbitrary code execution

    Date21 Jan 2008
    CategoryDebian
    4628
    Posted ByLinuxSecurity Advisories
    In addition, it was discovered that it was possible to invoke with scp with certain options that may lead to execution of arbitrary commands (CVE-2007-6415).
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1473                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Florian Weimer
    January 21, 2008                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : scponly
    Vulnerability  : design flaw
    Problem type   : remote
    Debian-specific: no
    CVE Ids        : CVE-2007-6350, CVE-2007-6415
    Debian Bug     : 437148
    
    Joachim Breitner discovered that Subversion support in scponly is
    inherently insecure, allowing execution of arbitrary commands.  Further
    investigation showed that rsync and Unison support suffer from similar
    issues.  This set of issues has been assigned CVE-2007-6350.
    
    In addition, it was discovered that it was possible to invoke with scp
    with certain options that may lead to execution of arbitrary commands
    (CVE-2007-6415).
    
    This update removes Subversion, rsync and Unison support from the
    scponly package, and prevents scp from being invoked with the dangerous
    options.
    
    For the stable distribution (etch), these problems have been fixed in
    version 4.6-1etch1.
    
    For the old stable distribution (sarge), these problems have been fixed
    in version 4.0-1sarge2.
    
    The unstable distribution (sid) will be fixed soon.
    
    We recommend that you upgrade your scponly package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 3.1 (oldstable)
    - ----------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0.orig.tar.gz
        Size/MD5 checksum:    85053 1706732945996865ed0cccd440b64fc1
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2.diff.gz
        Size/MD5 checksum:    27490 380ea78eb602749989c8031a4f916c79
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2.dsc
        Size/MD5 checksum:      892 f37d3236975bdb6742eba5ac788c40c2
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_alpha.deb
        Size/MD5 checksum:    31322 c4d3637ba9ab71b2a05e1633de4abae4
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_amd64.deb
        Size/MD5 checksum:    30228 05493720ebd6da8ea4b44d7fc98b3337
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_arm.deb
        Size/MD5 checksum:    28806 2e38b46c8da8a2f118da64fb8d099ebd
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_hppa.deb
        Size/MD5 checksum:    30170 44b3383c7f63172f63791b99784e67a8
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_i386.deb
        Size/MD5 checksum:    29322 62413a011d04721bb4b6f9a3d9496e27
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_ia64.deb
        Size/MD5 checksum:    33034 c0673fdff69d062fc32231d3f3221405
    
    m68k architecture (Motorola Mc680x0)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_m68k.deb
        Size/MD5 checksum:    29002 b060925bb242e68612a358860e53db0b
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_mips.deb
        Size/MD5 checksum:    38442 4ae4a933ef2cd0bf527590af79a48065
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_mipsel.deb
        Size/MD5 checksum:    38390 e89fd088bfe33f2af1b2b4ca44c11ba7
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_powerpc.deb
        Size/MD5 checksum:    29704 5a6676d270e93eea5265354d907f7cbe
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_s390.deb
        Size/MD5 checksum:    29958 54f012f9d6b8eb9153458a5b9e2fba34
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_sparc.deb
        Size/MD5 checksum:    29270 66aba25ee7275478105d2c586920516a
    
    Debian 4.0 (stable)
    - -------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1.diff.gz
        Size/MD5 checksum:    28528 a588cb9138820d73f16bc81ffc4f8e20
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1.dsc
        Size/MD5 checksum:      890 c02dfefb7289fcb09e9ac83d7cf78655
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6.orig.tar.gz
        Size/MD5 checksum:    96578 0425cb868cadd026851238452f1db907
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_alpha.deb
        Size/MD5 checksum:    35464 acdec90eeea809b0cac14ad16d9914a3
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_amd64.deb
        Size/MD5 checksum:    34214 2bb425113107e4e471c15685333f1a0a
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_arm.deb
        Size/MD5 checksum:    32754 68e9b0b7c579679728c403af931a1510
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_hppa.deb
        Size/MD5 checksum:    34442 2c41c2878777dce6c6b8ad3f1f1cb6a7
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_i386.deb
        Size/MD5 checksum:    33384 5a05d1d731bf0e53962f117cc0addd12
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_ia64.deb
        Size/MD5 checksum:    49088 872ff6eaeb1ff894c1b1f50f7091f6e4
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_mips.deb
        Size/MD5 checksum:    34758 02c6727db7a546147423840d22c47f12
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_mipsel.deb
        Size/MD5 checksum:    34808 c89ffd2236d752ac270fb5ba62cd8e62
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_powerpc.deb
        Size/MD5 checksum:    33922 a4d6e0e689699638523de2754075a42e
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_s390.deb
        Size/MD5 checksum:    34176 5109fa87cfffb72f46e287e88d3b7a55
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_sparc.deb
        Size/MD5 checksum:    33322 42f50ca1d1d836fa4c80137a57ed66f1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.