CVE-2007-6350

Name of the Vulnerable Software and Affected Versions: scponly versions 4.6 and earlier scponly versions 4.8 and earlier

Description: The issue allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands, including unison, rsync, svn, and svnserve. This can be demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. Exploitation of the vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations: For scponly versions 4.6 and earlier, consider disabling the use of subcommands unison, rsync, svn, and svnserve until a patch is available. For scponly versions 4.8 and earlier, restrict access to the svn command and Subversion repositories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.