| VuXML ID | Description |
|---|
| a4598875-ec91-11e1-8bd8-0022156e8794 | rssh -- configuration restrictions bypass
Derek Martin (rssh maintainer) reports:
John Barber reported a problem where, if the system
administrator misconfigures rssh by providing too few access
bits in the configuration file, the user will be given
default permissions (scp) to the entire system, potentially
circumventing any configured chroot. Fixing this required a
behavior change: in the past, using rssh without a config
file would give all users default access to use scp on an
unchrooted system. In order to correct the reported bug,
this feature has been eliminated, and you must now have a
valid configuration file. If no config file exists, all
users will be locked out.
Discovery 2010-08-01
Entry 2012-08-22
rssh
lt 2.3.3
http://www.pizzashack.org/rssh/security.shtml
|
| e34d0c2e-9efb-11da-b410-000e0c2e438a | rssh -- privilege escalation vulnerability
Pizzashack reports:
Max Vozeler has reported a problem whereby rssh can
allow users who have shell access to systems where rssh
is installed (and rssh_chroot_helper is installed SUID)
to gain root access to the system, due to the ability to
chroot to arbitrary locations. There are a lot of
potentially mitigating factors, but to be safe you should
upgrade immediately.
Discovery 2005-12-18
Entry 2006-02-16
rssh
lt 2.3.0
16050
CVE-2005-3345
http://www.pizzashack.org/rssh/security.shtml
|
| d193aa9f-3f8c-11e9-9a24-6805ca0b38e8 | rssh - multiple vulnerabilities
NVD reports:
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Discovery 2019-02-04
Entry 2019-03-06
rssh
lt 2.3.4_2
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3apizzashack%3arssh%3a2.3.4
CVE-2019-1000018
CVE-2019-3463
CVE-2019-3464
|
| e34d0c2e-9efb-11da-b410-000e0c2e438a | rssh -- privilege escalation vulnerability
Pizzashack reports:
Max Vozeler has reported a problem whereby rssh can
allow users who have shell access to systems where rssh
is installed (and rssh_chroot_helper is installed SUID)
to gain root access to the system, due to the ability to
chroot to arbitrary locations. There are a lot of
potentially mitigating factors, but to be safe you should
upgrade immediately.
Discovery 2005-12-18
Entry 2006-02-16
rssh
lt 2.3.0
16050
CVE-2005-3345
http://www.pizzashack.org/rssh/security.shtml
|
| 65b25acc-e63b-11e1-b81c-001b77d09812 | rssh -- arbitrary command execution
Derek Martin (rssh maintainer) reports:
Henrik Erkkonen has discovered that, through clever
manipulation of environment variables on the ssh command
line, it is possible to circumvent rssh. As far as I can
tell, there is no way to effect a root compromise, except of
course if the root account is the one you're attempting to
protect with rssh...
Discovery 2012-05-08
Entry 2012-08-22
rssh
lt 2.3.4
53430
CVE-2012-3478
http://sourceforge.net/mailarchive/message.php?msg_id=29235647
|