Fedora Local Security Checks : Fedora Core 7 FEDORA-2008-1728 (scponly)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.60414

Category: Fedora Local Security Checks

Title: Fedora Core 7 FEDORA-2008-1728 (scponly)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to scponly
announced via advisory FEDORA-2008-1728.

ChangeLog:

* Wed Feb 13 2008 Tomas Hoger - 4.6-10
- Add patch to prevent restriction bypass using OpenSSH's scp options -F
and -o (CVE-2007-6415, #426072)
* Mon Feb 11 2008 Warren Togami - 4.6-9
- rebuild with gcc-4.3
* Tue Dec 11 2007 Toshio Kuratomi - 4.6-8
- Disable rsync support due to security concerns: RH BZ#418201
* Tue Aug 21 2007 Warren Togami - 4.6-7
- rebuild

References:

[ 1 ] Bug #418201 - CVE-2007-6350 scponly: rsync, svn and unison support may be dangerous
https://bugzilla.redhat.com/show_bug.cgi?id=418201
[ 2 ] Bug #426072 - CVE-2007-6415 scponly: scp restriction bypass
https://bugzilla.redhat.com/show_bug.cgi?id=426072

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update scponly' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-1728

Risk factor : Critical

CVSS Score:
8.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-6415
Debian Security Information: DSA-1473 (Google Search)
http://www.debian.org/security/2008/dsa-1473
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
http://security.gentoo.org/glsa/glsa-200802-06.xml
http://secunia.com/advisories/28538
http://secunia.com/advisories/28944
http://secunia.com/advisories/28981
Common Vulnerability Exposure (CVE) ID: CVE-2007-6350
BugTraq ID: 26900
http://www.securityfocus.com/bid/26900
http://osvdb.org/44137
http://www.securitytracker.com/id?1019103
http://secunia.com/advisories/28123
http://www.vupen.com/english/advisories/2007/4243

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.60414
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2008-1728 (scponly)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to scponly announced via advisory FEDORA-2008-1728. ChangeLog: * Wed Feb 13 2008 Tomas Hoger - 4.6-10 - Add patch to prevent restriction bypass using OpenSSH's scp options -F and -o (CVE-2007-6415, #426072) * Mon Feb 11 2008 Warren Togami - 4.6-9 - rebuild with gcc-4.3 * Tue Dec 11 2007 Toshio Kuratomi - 4.6-8 - Disable rsync support due to security concerns: RH BZ#418201 * Tue Aug 21 2007 Warren Togami - 4.6-7 - rebuild References: [ 1 ] Bug #418201 - CVE-2007-6350 scponly: rsync, svn and unison support may be dangerous https://bugzilla.redhat.com/show_bug.cgi?id=418201 [ 2 ] Bug #426072 - CVE-2007-6415 scponly: scp restriction bypass https://bugzilla.redhat.com/show_bug.cgi?id=426072 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update scponly' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-1728 Risk factor : Critical CVSS Score: 8.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6415 Debian Security Information: DSA-1473 (Google Search) http://www.debian.org/security/2008/dsa-1473 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html http://security.gentoo.org/glsa/glsa-200802-06.xml http://secunia.com/advisories/28538 http://secunia.com/advisories/28944 http://secunia.com/advisories/28981 Common Vulnerability Exposure (CVE) ID: CVE-2007-6350 BugTraq ID: 26900 http://www.securityfocus.com/bid/26900 http://osvdb.org/44137 http://www.securitytracker.com/id?1019103 http://secunia.com/advisories/28123 http://www.vupen.com/english/advisories/2007/4243
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com