CVE-2019-1000018

Published: 04/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh’s command restrictions, allowing a malicious user to run arbitrary commands.

Vulnerable Product

pizzashack rssh 2.3.4

debian debian linux 8.0

debian debian linux 9.0

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #919623 rssh: CVE-2019-1000018: Remote code execution in scp support
Package: rssh; Maintainer for rssh is Russ Allbery <rra@debian.org>; Source for rssh is src:rssh (PTS, buildd, popcon)
Reported by: Russ Allbery <rra@debian.org>
Date: Fri, 18 Jan 2019 03:27:02 UTC
Severity: grave
Tags: sec ...
rssh could be made to run arbitrary commands if it received specially crafted input ...
Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands (CVE-2019-3464). Insufficient sanitation of arguments passed to rsync can bypass the restrictions imposed ...

Exploits

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP) ...

Github Repositories

ESnet Security's github.io Site

ESnet Security: Announcements and other content from the ESnet Security team.
Announcements: RSSH Command Execution Vulnerability (CVE-2019-1000018)
The ESnet Security team is publishing a vulnerability in rssh. This software is used to restrict SSH access to a system, only allowing a user to scp files to/from the system. The vulnerability allows such a user to execute arbitrary