

rssh security vulnerabilities
Published: 03.12.2012
Source:
SecurityVulns ID: 12736
Type: local
Threat Level: 5/10
Description: Multiple environment limitation bypass possibilities.
Affected: RSSH: rssh 2.3
CVE: CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.)
 CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.)
 CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.)
Original document: Derek Martin, Re: rssh security announcement (03.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod