Search criteria
21 vulnerabilities found for rssh by pizzashack
FKIE_CVE-2019-3463
Vulnerability from fkie_nvd - Published: 2019-02-06 19:29 - Updated: 2024-11-21 04:42
Severity ?
Summary
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | 2.3.4 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB86D00C-9ED3-4DC3-9FFF-14B9F3E5C413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
},
{
"lang": "es",
"value": "El saneamiento insuficiente de los argumentos que se pasan a rsync puede omitir las restricciones impuestas por rssh, un shell restringido que deber\u00eda hacer que los usuarios solo puedan realizar operaciones rsync, lo que resulta en la ejecuci\u00f3n de comandos shell arbitrarios."
}
],
"id": "CVE-2019-3463",
"lastModified": "2024-11-21T04:42:05.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-06T19:29:00.350",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-3464
Vulnerability from fkie_nvd - Published: 2019-02-06 19:29 - Updated: 2024-11-21 04:42
Severity ?
Summary
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | 2.3.4 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB86D00C-9ED3-4DC3-9FFF-14B9F3E5C413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
},
{
"lang": "es",
"value": "El saneamiento insuficiente de las variables de entorno que se pasan a rsync puede omitir las restricciones impuestas por rssh, un shell restringido que deber\u00eda hacer que los usuarios solo puedan realizar operaciones rsync, lo que resulta en la ejecuci\u00f3n de comandos shell arbitrarios."
}
],
"id": "CVE-2019-3464",
"lastModified": "2024-11-21T04:42:05.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-06T19:29:00.397",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-1000018
Vulnerability from fkie_nvd - Published: 2019-02-04 21:29 - Updated: 2025-03-19 20:15
Severity ?
Summary
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable by an authorized SSH user with the allowscp permission.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | 2.3.4 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB86D00C-9ED3-4DC3-9FFF-14B9F3E5C413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
},
{
"lang": "es",
"value": "rssh 2.3.4 contiene un CWE-77: neutralizaci\u00f3n indebida de elementos especiales empleados en un comando (inyecci\u00f3n de comandos) en el permiso allowscp que puede resultar en la ejecuci\u00f3n local de comandos. El ataque parece ser explotable mediante un usuario SSH autorizado mediante el permiso allowscp."
}
],
"id": "CVE-2019-1000018",
"lastModified": "2025-03-19T20:15:15.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:01.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2251
Vulnerability from fkie_nvd - Published: 2013-01-11 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | 2.3.2 | |
| debian | debian_linux | * | CPE entry marked "vulnerable": false |
| fedoraproject | fedora | * | CPE entry marked "vulnerable": false |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F69D6E8-00A6-417C-A458-F8C4B90CB694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20294CE7-12C8-43CA-A702-5ED2A3044FFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
},
{
"lang": "es",
"value": "rssh v2.3.2, tal y como como se usa en Debian, Fedora, y otros, cuando el protocolo rsync est\u00e1 habilitado, permite a los usuarios locales eludir las restricciones de acceso a trav\u00e9s de una opci\u00f3n (1) \"-e\" o (2) \"--\" de la l\u00ednea de comandos.\r\n"
}
],
"id": "CVE-2012-2251",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-11T01:55:00.760",
"references": [
{
"source": "security@debian.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51307"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"source": "security@debian.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2252
Vulnerability from fkie_nvd - Published: 2013-01-11 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | * | |
| pizzashack | rssh | 2.0.0 | |
| pizzashack | rssh | 2.0.1 | |
| pizzashack | rssh | 2.0.2 | |
| pizzashack | rssh | 2.0.3 | |
| pizzashack | rssh | 2.0.4 | |
| pizzashack | rssh | 2.1.0 | |
| pizzashack | rssh | 2.1.1 | |
| pizzashack | rssh | 2.2.1 | |
| pizzashack | rssh | 2.2.2 | |
| pizzashack | rssh | 2.2.3 | |
| pizzashack | rssh | 2.3.0 | |
| pizzashack | rssh | 2.3.1 | |
| pizzashack | rssh | 2.3.2 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "541B5F5E-B34F-4E0C-99A0-99AF53D7536F",
"versionEndIncluding": "2.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "405D117C-7A65-48DD-B898-4E7526A47392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02796C4B-F155-4D6B-9692-0C467B259B3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3BE629-9E24-4E48-9ADD-61174BBAD270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "147D0EA0-3F3E-488E-A5FF-618614B34D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "994DDFAC-D9D6-4146-8628-5014E52A6847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA58CBF8-1826-44D7-B2F0-999B8DA61F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D984CE9-5283-4DAE-9D42-9B5AE31A4002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D718FA8D-2699-4150-AB39-357E1585EB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "255C9863-4D7E-46CE-A1C9-F897EFB85D38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72CB8450-D58D-4824-931F-2D61451F2C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C75A3EB-ABDF-458B-8B49-505791EF8749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6BACEEB-9CBD-4E94-A3EF-61E220F2D68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F69D6E8-00A6-417C-A458-F8C4B90CB694",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en rssh antes de v2.3.4, cuando el protocolo rsync est\u00e1 activado, permite a los usuarios locales eludir las restricciones de acceso a la interfaz de comandos a trav\u00e9s de la opci\u00f3n --rsh de la l\u00ednea de comandos.\r\n"
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html \u0027CWE-184: Incomplete Blacklist\u0027",
"id": "CVE-2012-2252",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-11T01:55:00.837",
"references": [
{
"source": "security@debian.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"source": "security@debian.org",
"url": "http://osvdb.org/87926"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51307"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51343"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"source": "security@debian.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3478
Vulnerability from fkie_nvd - Published: 2012-08-31 18:55 - Updated: 2025-04-11 00:51
Severity: LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:N/I:P/A:N)
Summary
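rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. Note: the CPE match criteria in the record below stop at 2.3.2 (`versionEndIncluding`), so CPE-based matching would not flag 2.3.3 even though this summary lists it as affected.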
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | * (up to and including 2.3.2) | |
| pizzashack | rssh | 2.0.0 | |
| pizzashack | rssh | 2.0.1 | |
| pizzashack | rssh | 2.0.2 | |
| pizzashack | rssh | 2.0.3 | |
| pizzashack | rssh | 2.0.4 | |
| pizzashack | rssh | 2.1.0 | |
| pizzashack | rssh | 2.1.1 | |
| pizzashack | rssh | 2.2.1 | |
| pizzashack | rssh | 2.2.2 | |
| pizzashack | rssh | 2.2.3 | |
| pizzashack | rssh | 2.3.0 | |
| pizzashack | rssh | 2.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F4A975-E5EE-42E5-A3DD-5ED7D736D3FD",
"versionEndIncluding": "2.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "405D117C-7A65-48DD-B898-4E7526A47392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02796C4B-F155-4D6B-9692-0C467B259B3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3BE629-9E24-4E48-9ADD-61174BBAD270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "147D0EA0-3F3E-488E-A5FF-618614B34D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "994DDFAC-D9D6-4146-8628-5014E52A6847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA58CBF8-1826-44D7-B2F0-999B8DA61F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D984CE9-5283-4DAE-9D42-9B5AE31A4002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D718FA8D-2699-4150-AB39-357E1585EB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "255C9863-4D7E-46CE-A1C9-F897EFB85D38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72CB8450-D58D-4824-931F-2D61451F2C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C75A3EB-ABDF-458B-8B49-505791EF8749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pizzashack:rssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6BACEEB-9CBD-4E94-A3EF-61E220F2D68E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
},
{
"lang": "es",
"value": "rssh v2.3.3 y anteriores permite evitar las restricciones de acceso a objetos shell a usuarios locales a trav\u00e9s de variables de entorno modificadas en la l\u00ednea de comandos.\r\n"
}
],
"id": "CVE-2012-3478",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-31T18:55:05.683",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50272"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53430"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1628
Vulnerability from fkie_nvd - Published: 2004-10-23 04:00 - Updated: 2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 9.0, vector AV:N/AC:L/Au:S/C:C/I:C/A:C)
Summary
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=109855982425122&w=2 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/12954 | Third Party Advisory | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml | Third Party Advisory | |
| cve@mitre.org | http://www.pizzashack.org/rssh/ | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17831 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109855982425122&w=2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12954 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pizzashack.org/rssh/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17831 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pizzashack | rssh | * (before 2.2.2) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pizzashack:rssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2465D7FF-2ED4-425D-AE28-3D1D213AACC0",
"versionEndExcluding": "2.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
],
"id": "CVE-2004-1628",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-10-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/12954"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/12954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-3464 (GCVE-0-2019-3464)
Vulnerability from cvelistv5 – Published: 2019-02-06 19:00 – Updated: 2024-09-17 04:29
Summary
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Severity ?
No CVSS data available.
CWE
- Incomplete sanitization of environment variable
Assigner
References
See the `references` arrays in the JSON record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Debian GNU/Linux | rssh | Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rssh",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete sanitization of environment variable",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T23:06:13",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2019-3464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rssh",
"version": {
"version_data": [
{
"version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete sanitization of environment variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4382",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106839"
},
{
"name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
"refsource": "MISC",
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3464",
"datePublished": "2019-02-06T19:00:00Z",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-09-17T04:29:35.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3463 (GCVE-0-2019-3463)
Vulnerability from cvelistv5 – Published: 2019-02-06 19:00 – Updated: 2024-09-17 01:31
Summary
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Severity ?
No CVSS data available.
CWE
- Incomplete sanitization of passed arguments
Assigner
References
See the `references` arrays in the JSON record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Debian GNU/Linux | rssh | Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rssh",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete sanitization of passed arguments",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T23:06:14",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2019-3463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rssh",
"version": {
"version_data": [
{
"version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete sanitization of passed arguments"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4382",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106839"
},
{
"name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
"refsource": "MISC",
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3463",
"datePublished": "2019-02-06T19:00:00Z",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-09-17T01:31:33.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1000018 (GCVE-0-2019-1000018)
Vulnerability from cvelistv5 – Published: 2019-02-04 21:00 – Updated: 2025-03-19 19:45
Summary
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable by an authorized SSH user with the allowscp permission.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
See the `references` arrays in the JSON record below.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2019-01-22T00:00:00.000Z",
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T19:45:40.057Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-01-22T21:21:10.024645",
"DATE_REQUESTED": "2019-01-16T17:31:27",
"ID": "CVE-2019-1000018",
"REQUESTER": "security@es.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
"refsource": "MISC",
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-1000018",
"datePublished": "2019-02-04T21:00:00.000Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2025-03-19T19:45:40.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2252 (GCVE-0-2012-2252)
Vulnerability from cvelistv5 – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
Summary
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "51343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=880177",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"refsource": "OSVDB",
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2252",
"datePublished": "2013-01-11T01:00:00",
"dateReserved": "2012-04-16T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2251 (GCVE-0-2012-2251)
Vulnerability from cvelistv5 – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
Summary
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2251",
"datePublished": "2013-01-11T01:00:00",
"dateReserved": "2012-04-16T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3478 (GCVE-0-2012-3478)
Vulnerability from cvelistv5 – Published: 2012-08-31 18:00 – Updated: 2024-08-06 20:05
Summary
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120508 rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-12T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120508 rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120508 rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3478",
"datePublished": "2012-08-31T18:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1628 (GCVE-0-2004-1628)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
Summary
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pizzashack.org/rssh/",
"refsource": "CONFIRM",
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1628",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-20T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3464 (GCVE-0-2019-3464)
Vulnerability from nvd – Published: 2019-02-06 19:00 – Updated: 2024-09-17 04:29
Summary
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Severity ?
No CVSS data available.
CWE
- Incomplete sanitization of environment variable
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Debian GNU/Linux | rssh | Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rssh",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete sanitization of environment variable",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T23:06:13",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2019-3464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rssh",
"version": {
"version_data": [
{
"version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete sanitization of environment variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4382",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106839"
},
{
"name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
"refsource": "MISC",
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3464",
"datePublished": "2019-02-06T19:00:00Z",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-09-17T04:29:35.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3463 (GCVE-0-2019-3463)
Vulnerability from nvd – Published: 2019-02-06 19:00 – Updated: 2024-09-17 01:31
Summary
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Severity ?
No CVSS data available.
CWE
- Incomplete sanitization of passed arguments
Assigner
References
The reference URLs and their tags are listed in the `references` arrays of the JSON record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Debian GNU/Linux | rssh | Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rssh",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete sanitization of passed arguments",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T23:06:14",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2019-3463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rssh",
"version": {
"version_data": [
{
"version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete sanitization of passed arguments"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4382",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106839"
},
{
"name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
"refsource": "MISC",
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3463",
"datePublished": "2019-02-06T19:00:00Z",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-09-17T01:31:33.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1000018 (GCVE-0-2019-1000018)
Vulnerability from nvd – Published: 2019-02-04 21:00 – Updated: 2025-03-19 19:45
Summary
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp permission.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
The reference URLs and their tags are listed in the `references` arrays of the JSON record below.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2019-01-22T00:00:00.000Z",
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T19:45:40.057Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-01-22T21:21:10.024645",
"DATE_REQUESTED": "2019-01-16T17:31:27",
"ID": "CVE-2019-1000018",
"REQUESTER": "security@es.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
"refsource": "MISC",
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-1000018",
"datePublished": "2019-02-04T21:00:00.000Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2025-03-19T19:45:40.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2252 (GCVE-0-2012-2252)
Vulnerability from nvd – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
Summary
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
The reference URLs and their tags are listed in the `references` arrays of the JSON record below.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "51343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=880177",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"refsource": "OSVDB",
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2252",
"datePublished": "2013-01-11T01:00:00",
"dateReserved": "2012-04-16T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2251 (GCVE-0-2012-2251)
Vulnerability from nvd – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
Summary
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
The reference URLs and their tags are listed in the `references` arrays of the JSON record below.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2251",
"datePublished": "2013-01-11T01:00:00",
"dateReserved": "2012-04-16T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3478 (GCVE-0-2012-3478)
Vulnerability from nvd – Published: 2012-08-31 18:00 – Updated: 2024-08-06 20:05
Summary
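rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. The record's structured `affected` field lists vendor, product and version as n/a, so the affected version range appears only in this description.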
Severity
No CVSS data available in this record; the absence of a score is not a severity rating.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120508 rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-12T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120508 rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120508 rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3478",
"datePublished": "2012-08-31T18:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1628 (GCVE-0-2004-1628)
Vulnerability from nvd – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
Summary
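Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. The record's structured `affected` field lists vendor, product and version as n/a, so the affected version range appears only in this description.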
Severity
No CVSS data available in this record; the absence of a score is not a severity rating.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pizzashack.org/rssh/",
"refsource": "CONFIRM",
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1628",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-20T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}