exploit the possibilities
Showing 1 - 3 of 3 RSS Feed

CVE-2019-1000018

Status Candidate

Overview

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

Related Files

Ubuntu Security Notice USN-3946-1
Posted Apr 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3946-1 - It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-1000018
MD5 | 4f673b4e30b7456bf9f5c03e61b35cf6
Debian Security Advisory 4377-3
Posted Feb 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-3 - The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.

tags | advisory
systems | linux, debian
advisories | CVE-2019-1000018
MD5 | 9cd4fbf3a326b0f62854a4c5892625c8
Debian Security Advisory 4377-1
Posted Jan 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-1 - The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2019-1000018
MD5 | 0f3abdb1f9aef1a11fc5a00e69af7d17
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close