Product: Solaris 9 Operating System, Solaris 10 Operating System

Due to a security vulnerability in the way the scp(1) command executes helper applications, certain additional unintended commands may be executed at the same time. This may allow a local unprivileged user (or a remote user in the case of shared filesystems) who is able to create files on the system to execute arbitrary commands with the privileges of a local user, if that local user acts upon those files using the scp(1) command.

This issue is also referenced in the following document:

CVE-2006-0225 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

Avoidance: Patch, Workaround
State: Resolved
First released: 08-Jun-2007