CVE-2007-6415

scponly <4.6 - Command Injection


Description

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

References (9)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1473
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200802-06.xml
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=203099
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28944
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28538
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28981

Scores

EPSS 0.0367
EPSS Percentile 88.3%

Details

CWE
CWE-94
Status published
Products (2)
debian/debian_linux 3.1
debian/debian_linux 4.0
Published Jan 25, 2008
Tracked Since Feb 18, 2026