FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rssh & scponly -- arbitrary command execution

Affected packages
rssh <= 2.2.2
scponly < 4.0

Details

VuXML ID f11b219a-44b6-11d9-ae2f-021106004fd6
Discovery 2004-11-28
Entry 2004-12-02
Modified 2004-12-12

Jason Wies identified that both rssh and scponly have a vulnerability that allows arbitrary command execution. He reports:

The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire custom scripts on the remote machine.

References

Bugtraq ID 11791
Bugtraq ID 11792
FreeBSD PR ports/74633
Message 20041202135143.GA7105@xc.net