Package: scponly
Version: 4.1-1
Severity: critical

Hey Thomas,

scponly 4.2 has been released with a fix for the privilege 
escalation we've mailed about.

http://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html:
> ...
> Problem Description: If ALL the following conditions are true,
> administrators using scponly-4.1 or older may be at risk of a local
> privilege escalation exploit:
> 
>  - the chrooted setuid scponlyc binary is installed
>  - regular non-scponly users have interactive shell access to the box
>  - a user executable dynamically linked setuid binary (such as ping)
>    exists on the same file system mount as the user's home directory
> ...
>
> Fix:
> The new release of scponly-4.2 disallows chrooting to any directory that:
>         - is owned by someone other than the superuser (UID 0)
>         - is writeable by group or other

Some notes:
Having scponly installed and scponlyc setuid root is enough for
the bug to be exploitable, hence severity critical.

cheers,
Max

