CVE-2004-1162

scponly < 4.0 - Authenticated Arbitrary Program Execution via Unison Command Flags

Title source: llm
STIX 2.1

Description

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110581113814623&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110202047507273&w=2
Various Sources x_refsource_confirm
http://www.sublimation.org/scponly/#relnotes
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18362
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11791

Scores

EPSS 0.0065
EPSS Percentile 71.1%

Details

Status published
Products (10)
gentoo/linux
scponly/scponly 2.0
scponly/scponly 2.1
scponly/scponly 2.3
scponly/scponly 2.4
scponly/scponly 3.0
scponly/scponly 3.5
scponly/scponly 3.8
scponly/scponly 3.9
scponly/scponly 3.11
Published Jan 10, 2005
Tracked Since Feb 18, 2026