Format string vulnerability in log.c in rssh prior to 2.2.2 allows remote authenticated users to execute arbitrary code.
pizzashack rssh