FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  523158
Date:      2020-01-15
Time:      20:23:39Z
Committer: brnrd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1f826757-26be-11d9-ad2d-0050fc56d258rssh -- format string vulnerability

There is a format string bug in rssh that enables an attacker to execute arbitrary code from an account configured to use rssh. On FreeBSD it is only possible to compromise the rssh running account, not root.


Discovery 2004-10-23
Entry 2004-10-25
rssh
le 2.2.1

http://www.pizzashack.org/rssh/security.shtml
http://marc.theaimsgroup.com/?l=bugtraq&m=109855982425122
f11b219a-44b6-11d9-ae2f-021106004fd6rssh & scponly -- arbitrary command execution

Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports:

The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire custom scripts on the remote machine.


Discovery 2004-11-28
Entry 2004-12-02
Modified 2004-12-12
rssh
le 2.2.2

scponly
lt 4.0

11791
11792
ports/74633
http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273
f11b219a-44b6-11d9-ae2f-021106004fd6rssh & scponly -- arbitrary command execution

Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports:

The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire custom scripts on the remote machine.


Discovery 2004-11-28
Entry 2004-12-02
Modified 2004-12-12
rssh
le 2.2.2

scponly
lt 4.0

11791
11792
ports/74633
http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273
e34d0c2e-9efb-11da-b410-000e0c2e438arssh -- privilege escalation vulnerability

Pizzashack reports:

Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed (and rssh_chroot_helper is installed SUID) to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentially mitigating factors, but to be safe you should upgrade immediately.


Discovery 2005-12-18
Entry 2006-02-16
rssh
lt 2.3.0

16050
CVE-2005-3345
http://www.pizzashack.org/rssh/security.shtml
65b25acc-e63b-11e1-b81c-001b77d09812rssh -- arbitrary command execution

Derek Martin (rssh maintainer) reports:

Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is the one you're attempting to protect with rssh...


Discovery 2012-05-08
Entry 2012-08-22
rssh
lt 2.3.4

53430
CVE-2012-3478
http://sourceforge.net/mailarchive/message.php?msg_id=29235647
a4598875-ec91-11e1-8bd8-0022156e8794rssh -- configuration restrictions bypass

Derek Martin (rssh maintainer) reports:

John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions (scp) to the entire system, potentially circumventing any configured chroot. Fixing this required a behavior change: in the past, using rssh without a config file would give all users default access to use scp on an unchrooted system. In order to correct the reported bug, this feature has been eliminated, and you must now have a valid configuration file. If no config file exists, all users will be locked out.


Discovery 2010-08-01
Entry 2012-08-22
rssh
lt 2.3.3

http://www.pizzashack.org/rssh/security.shtml
a4815970-c5cc-11d8-8898-000d6111a684rssh -- file name disclosure bug

rssh expands command line paramters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains:

The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior to entering the chroot jail. This bug DOES NOT allow a user to access any of the files outside the jail, but can allow them to discover what files are in a directory which is outside the jail, if their credentials on the server would normally allow them read/execute access in the specified directory.


Discovery 2004-06-19
Entry 2004-09-21
rssh
lt 2.2.1

CVE-2004-0609
http://marc.theaimsgroup.com/?l=bugtraq&m=108787373022844
10574
http://www.osvdb.org/7239
1f826757-26be-11d9-ad2d-0050fc56d258rssh -- format string vulnerability

There is a format string bug in rssh that enables an attacker to execute arbitrary code from an account configured to use rssh. On FreeBSD it is only possible to compromise the rssh running account, not root.


Discovery 2004-10-23
Entry 2004-10-25
rssh
le 2.2.1

http://www.pizzashack.org/rssh/security.shtml
http://marc.theaimsgroup.com/?l=bugtraq&m=109855982425122
d193aa9f-3f8c-11e9-9a24-6805ca0b38e8rssh - multiple vulnerabilities

NVD reports:

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.


Discovery 2019-02-04
Entry 2019-03-06
rssh
lt 2.3.4_2

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3apizzashack%3arssh%3a2.3.4
CVE-2019-1000018
CVE-2019-3463
CVE-2019-3464
a4815970-c5cc-11d8-8898-000d6111a684rssh -- file name disclosure bug

rssh expands command line paramters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains:

The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior to entering the chroot jail. This bug DOES NOT allow a user to access any of the files outside the jail, but can allow them to discover what files are in a directory which is outside the jail, if their credentials on the server would normally allow them read/execute access in the specified directory.


Discovery 2004-06-19
Entry 2004-09-21
rssh
lt 2.2.1

CVE-2004-0609
http://marc.theaimsgroup.com/?l=bugtraq&m=108787373022844
10574
http://www.osvdb.org/7239
e34d0c2e-9efb-11da-b410-000e0c2e438arssh -- privilege escalation vulnerability

Pizzashack reports:

Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed (and rssh_chroot_helper is installed SUID) to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentially mitigating factors, but to be safe you should upgrade immediately.


Discovery 2005-12-18
Entry 2006-02-16
rssh
lt 2.3.0

16050
CVE-2005-3345
http://www.pizzashack.org/rssh/security.shtml