CVE-2005-4532

Name of the Vulnerable Software and Affected Versions scponly versions 4.1 and earlier

Description The issue allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD PRELOAD to modify expected function calls in the setuid application. Additionally, multiple vulnerabilities in the scponly package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For scponly versions 4.1 and earlier, consider upgrading to a version later than 4.1 to resolve the issue. As a temporary workaround, consider restricting the use of LD PRELOAD mechanisms and setuid applications to minimize the risk of exploitation. Avoid using setuid applications in chroot directories until the issue is resolved.