ports/74633: [Maintainer update] shells/scponly: Update to 4.0 (security vulnerability fixed in this version)

Hideyuki KURASHINA rushani at FreeBSD.org
Thu Dec 2 23:30:35 UTC 2004 

The following reply was made to PR ports/74633; it has been noted by GNATS.

From: Hideyuki KURASHINA <rushani at FreeBSD.org>
To: FreeBSD-gnats-submit at FreeBSD.org, freebsd-ports-bugs at FreeBSD.org
Cc: enigmatyc at laposte.net, security at FreeBSD.org
Subject: Re: ports/74633: [Maintainer update] shells/scponly: Update to 4.0
 (security vulnerability fixed in this version)
Date: Fri, 03 Dec 2004 08:22:26 +0900 (JST)

 Hi,
 
 > >Category:       ports
 > >Responsible:    freebsd-ports-bugs
 > >Synopsis:       [Maintainer update] shells/scponly: Update to 4.0 (security vulnerability fixed in this version)
 > >Arrival-Date:   Thu Dec 02 22:50:07 GMT 2004
 
 I made a patch for this issue.
 
 Please consider applying following one to ports/security/vuxml/vuln.xml.
 Any improvements are welcome including words/grammer corrections.
 
 Regards,
 
 -- rushani
 
 --- vuln.xml.orig	Fri Dec  3 08:13:10 2004
 +++ vuln.xml	Fri Dec  3 08:14:30 2004
 @@ -32,6 +32,39 @@
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 +  <vuln vid="f11b219a-44b6-11d9-ae2f-021106004fd6">
 +    <topic>rssh & scponly -- arbitrary command execution</topic>
 +    <affects>
 +      <package>
 +	<name>rssh</name>
 +	<range><le>2.2.2</le></range>
 +      </package>
 +      <package>
 +	<name>scponly</name>
 +	<range><lt>4.0</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">
 +	<p>Jason Wies identified both rssh & scponly has a vulnerability
 +	  that allows arbitrary command execution.  He reports:</p>
 +	<blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273">
 +	  <p>The problem is compounded when you recognize that the main use of rssh and
 +	    scponly is to allow file transfers, which in turn allows a malicious user to
 +	    transfer and execute entire custom scripts on the remote machine.</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +      <freebsdpr>ports/74633</freebsdpr>
 +      <mlist msgid="20041202135143.GA7105 at xc.net">http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273</mlist>
 +    </references>
 +    <dates>
 +      <discovery>2004-11-28</discovery>
 +      <entry>2004-12-02</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="2b4d5288-447e-11d9-9ebb-000854d03344">
      <topic>rockdodger -- buffer overflows</topic>
      <affects>

More information about the freebsd-ports-bugs mailing list