Published: 31/08/2012 Updated: 02/03/2013

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

rssh 2.3.3 and previous versions allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pizzashack rssh 2.0.3
pizzashack rssh 2.0.4
pizzashack rssh 2.2.3
pizzashack rssh 2.0.2
pizzashack rssh
pizzashack rssh 2.1.0
pizzashack rssh 2.1.1
pizzashack rssh 2.0.0
pizzashack rssh 2.2.1
pizzashack rssh 2.2.2
pizzashack rssh 2.0.1
pizzashack rssh 2.3.1
pizzashack rssh 2.3.0

Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access For the stable distribution (squeeze), this problem has been fixed in version 232-13squeeze1 For the unstable distribution (sid), this problem has been fixed in version 233-5 We recommend that you upgrade your rssh packages ...

CWE-264 http://www.openwall.com/lists/oss-security/2012/08/11/3 http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html http://www.debian.org/security/2012/dsa-2530 http://secunia.com/advisories/50272 http://www.openwall.com/lists/oss-security/2012/08/10/7 http://sourceforge.net/mailarchive/message.php?msg_id=29235647 http://www.openwall.com/lists/oss-security/2012/11/28/3 http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html http://www.securityfocus.com/bid/53430 https://www.debian.org/security/./dsa-2530 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3478

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect