Vulnerability Name: | CVE-2004-1162 (CCN-18362)
Assigned: | 2004-12-03
Published: | 2004-12-03
Updated: | 2017-07-11
Summary: | The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Privileges
References: |
Source: CCN Type: BugTraq Mailing List, Thu Dec 02 2004 - 07:51:43 CST rssh and scponly arbitrary command execution
Source: MITRE Type: CNA CVE-2004-1162
Source: BUGTRAQ Type: UNKNOWN 20041202 rssh and scponly arbitrary command execution
Source: BUGTRAQ Type: UNKNOWN 20050115 Re: rssh and scponly arbitrary command execution
Source: CCN Type: GLSA-200412-01 rssh, scponly: Unrestricted command execution
Source: GENTOO Type: UNKNOWN GLSA-200412-01
Source: CCN Type: OSVDB ID: 12183 scponly scp -S Arbitrary Remote Command Execution
Source: BID Type: Exploit, Patch, Vendor Advisory 11791
Source: CCN Type: BID-11791 SCPOnly Remote Arbitrary Command Execution Vulnerability
Source: CCN Type: scponly Web site scponly homepage
Source: CONFIRM Type: UNKNOWN http://www.sublimation.org/scponly/#relnotes
Source: XF Type: UNKNOWN scponly-commandline-command-execution(18362)
Vulnerable Configuration: | Configuration 1: Configuration 2: