FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| b5a49db7-72fc-11da-9827-021106004fd6 | scponly -- local privilege escalation exploits
Max Vozeler reports:
If ALL the following conditions are true, administrators using
scponly-4.1 or older may be at risk of a local privilege
escalation exploit:
- the chrooted setuid scponlyc binary is installed
- regular non-scponly users have interactive shell access
to the box
- a user executable dynamically linked setuid binary
(such as ping) exists on the same file system mount
as the user's home directory
- the operating system supports an LD_PRELOAD style
mechanism to overload dynamic library loading
Pekka Pessi also reports:
If ANY the following conditions are true, administrators
using scponly-4.1 or older may be at risk of a local privilege
escalation exploit:
- scp compatibility is enabled
- rsync compatibility is enabled
Discovery 2005-12-21
Entry 2005-12-22
scponly
< 4.2
https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
http://sublimation.org/scponly/#relnotes
|