Vulnerabilities for 'RSSH'

2019-02-06
 
CVE-2019-3464

CWE-20
 

 
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to performing only rsync operations, resulting in the execution of arbitrary shell commands.

 
 
CVE-2019-3463

CWE-20
 

 
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to performing only rsync operations, resulting in the execution of arbitrary shell commands.

 
2019-02-04
 
CVE-2019-1000018

CWE-77
 

 
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp permission.

 
2013-01-10
 
CVE-2012-2252

CWE-Other
 

 
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

 
 
CVE-2012-2251

 

 
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

 
2012-08-31
 
CVE-2012-3478

 

 
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

 


Copyright 2024, cxsecurity.com

 
