Update to 4.0, which include a fix for security issue (Arbitrary command execution) recently discoverd by Jason Wies. See followings for details: http://www.sublimation.org/scponly/#relnotes http://www.securityfocus.com/archive/1/383046 http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273&w=2 Fix: Apply following patch, How-To-Repeat: According to the Jason's report, ssh restricteduser@remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp' scp command.sh restricteduser@remotehost:/tmp/command.sh ssh restricteduser@remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp' Regarding to the first item, /tmp/example is actually touch(1)'ed (Please note that touch(1) is not allowed program by scponly). Second item is confirmed to work.
Hi, > >Category: ports > >Responsible: freebsd-ports-bugs > >Synopsis: [Maintainer update] shells/scponly: Update to 4.0 (security vulnerability fixed in this version) > >Arrival-Date: Thu Dec 02 22:50:07 GMT 2004 I made a patch for this issue. Please consider applying following one to ports/security/vuxml/vuln.xml. Any improvements are welcome including words/grammer corrections. Regards, -- rushani --- vuln.xml.orig Fri Dec 3 08:13:10 2004 +++ vuln.xml Fri Dec 3 08:14:30 2004 @@ -32,6 +32,39 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f11b219a-44b6-11d9-ae2f-021106004fd6"> + <topic>rssh & scponly -- arbitrary command execution</topic> + <affects> + <package> + <name>rssh</name> + <range><le>2.2.2</le></range> + </package> + <package> + <name>scponly</name> + <range><lt>4.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jason Wies identified both rssh & scponly has a vulnerability + that allows arbitrary command execution. He reports:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273"> + <p>The problem is compounded when you recognize that the main use of rssh and + scponly is to allow file transfers, which in turn allows a malicious user to + transfer and execute entire custom scripts on the remote machine.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/74633</freebsdpr> + <mlist msgid="20041202135143.GA7105@xc.net">http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273</mlist> + </references> + <dates> + <discovery>2004-11-28</discovery> + <entry>2004-12-02</entry> + </dates> + </vuln> + <vuln vid="2b4d5288-447e-11d9-9ebb-000854d03344"> <topic>rockdodger -- buffer overflows</topic> <affects>
State Changed From-To: open->closed Committed, thanks!