Argument injection vulnerability

To: Debian-Italian-List <debian-italian@lists.debian.org>
Subject: Argument injection vulnerability
From: "Patrizio O.C. Melis" <cobe571@gmail.com>
Date: Mon, 28 Jan 2008 21:15:28 +0100
Message-id: <[🔎] c3b70bb10801281215l35241bd9mccdc43f87dd32350@mail.gmail.com>

Argument injection vulnerability in scponly 4.6 and earlier allows remote authenticated users to modify commands when scponly invokes (1) unison, (2) rsync, (3) svn, and (4) svnserve, which can be leveraged to execute arbitrary code, as demonstrated by the --diff3-cmd option to svn, a different vulnerability than CVE-2007-6350.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6415

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

http://secunia.com/advisories/28538

Reply to:

Prev by Date: Re: problema con gnome-volume-manager!
Next by Date: Re: 2.6.24 e ipw3945 -> impossibile compilare!!
Previous by thread: Re: 2.6.24 e ipw3945 -> impossibile compilare!!
Next by thread: gcc-4.3 in Lenny/Sid
Index(es):
- Date
- Thread