CVE-2005-4533 - Local vulnerability in SCPOnly

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, low complexity, scponly, nessus

Summary

Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-969.NASL
    description: Max Vozeler discovered a vulnerability in scponly, a utility to restrict user commands to scp and sftp, that could lead to the execution of arbitrary commands as root. The system is only vulnerable if the program scponlyc is installed setuid root and if regular users have shell access to the machine.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22835
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22835
    title: Debian DSA-969-1 : scponly - design error
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200512-17.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200512-17 (scponly: Multiple privilege escalation issues). Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates command-line parameters to a scp or rsync command. Impact: A local attacker could gain root privileges by chrooting into arbitrary directories containing hardlinks to setuid programs. A remote scponly user could also send malicious parameters to a scp or rsync command that would allow to escape the shell restrictions and execute arbitrary programs. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20358
    published: 2005-12-30
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20358
    title: GLSA-200512-17 : scponly: Multiple privilege escalation issues