
Files

RSSH 2.3.4 Released
Posted Nov 28, 2012
Authored by Derek Martin | Site pizzashack.org

RSSH version 2.3.4 was released to address an environment variable manipulation vulnerability and improper filtering of the rsync command line.

tags | advisory
advisories | CVE-2012-3478, CVE-2012-2252
SHA-256 | 3292f4ccb0a7fd1db2d5443d8a6d96f69577b83251c4988b59049dc9a3bd99c8

Related Files

Ubuntu Security Notice USN-3946-1
Posted Apr 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3946-1 - It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-1000018
SHA-256 | b3912f7c3ac4d52ac8b9e4852a3b76a0715abb7ec40879e56706a9a715489272

Debian Security Advisory 4377-2
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
SHA-256 | 04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75

Debian Security Advisory 4382-1
Posted Feb 4, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4382-1 - Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell, vulnerability
systems | linux, debian
advisories | CVE-2019-3463, CVE-2019-3464
SHA-256 | 90d089df2746ccd0e13a5b4effa81aa2b9b37376df0cff30c992e43f9b7a0418

Debian Security Advisory 4377-1
Posted Jan 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-1 - The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2019-1000018
SHA-256 | 94d852fddd0d7de255869f71aa353a2bf3c2963c61f4197cc965bee4345d3540

RSSMON / BEAM (Red Star OS 3.0) Shellshock
Posted Dec 19, 2016
Authored by Hacker Fantastic

This is a shellshock exploit for RSSMON and BEAM, network services for Red Star OS version 3.0 SERVER edition.

tags | exploit
SHA-256 | bbdf7dd5e3730d17196110e9505289469c26b6f29655125d1177485822c140de

Gentoo Linux Security Advisory 201311-19
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2252, CVE-2012-3478
SHA-256 | 2cfca946aed87f93230a6b6e24c15593789e28cee281ff97f52258c3b9f27c16

Debian Security Advisory 2578-1
Posted Nov 28, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2578-1 - James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.

tags | advisory, remote, arbitrary, shell
systems | linux, debian
advisories | CVE-2012-2251, CVE-2012-2252
SHA-256 | d9979ff7d19f7c9e9521796945b7c49ed74862a888a3527cd1b55022041c8c36

Secunia Security Advisory 51343
Posted Nov 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in rssh, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
SHA-256 | 27a4ebced838c8dafa541d3af9421caf07aab6b309fe624eadfc22b80bb11cb7

Secunia Security Advisory 51307
Posted Nov 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for rssh. This fixes two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local, vulnerability
systems | linux, debian
SHA-256 | 70a593bd1b01178f13adb23b12be3e6ee2c46f3486ec1c0edffb133e2e97cd7b

Secunia Security Advisory 50272
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
SHA-256 | eebd89c421afe76c8ec364ab92b3326b1565c0fe049041b41a8d004476cd613d

Debian Security Advisory 2530-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2012-3478
SHA-256 | 0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450

RSSH Circumvention
Posted May 9, 2012
Authored by Derek Martin | Site pizzashack.org

Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh.

tags | advisory
SHA-256 | e569ddc10821d9e494884093dab704f6cca8c684a13ead70079866b8250e251e

Secunia Security Advisory 44755
Posted May 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for rssh. This fixes a weakness, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, fedora
SHA-256 | 2cd6dd26b3d9c8494f83a84ecc70d552e9f1be7f110839de614b97d22abf14c9

Debian Linux Security Advisory 1109-1
Posted Jul 18, 2006
Authored by Debian | Site debian.org

Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.

tags | advisory, shell
SHA-256 | 876688d70447ff6f444fd000a715393819d63d1405a51b625e31613066a5dd32

Secunia Security Advisory 21087
Posted Jul 17, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | 1f56e52428817c2300a0bee5cc029a650e2a59743ae430071498f80fb6eaf626

rssh230.txt
Posted Dec 31, 2005
Authored by Derek Martin | Site pizzashack.org

Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), then they can use rssh_chroot_helper to chroot to arbitrary locations in the file system, and thereby gain root access. Versions of rssh below 2.3.0 are affected.

tags | advisory, arbitrary, shell, root
SHA-256 | e0400de36fd827a4ed316391ce7f793e1db1e6ed15f917f0dbbe692281d94f10

Secunia Security Advisory 18237
Posted Dec 28, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, gentoo
SHA-256 | 2dbd73e7137cbaad8c4fafd8ed270f6f1809a53bf332eaf971375dab41b93f8c

Gentoo Linux Security Advisory 200512-15
Posted Dec 28, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200512-15 - Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories. Versions less than 2.3.0 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
SHA-256 | e9b6463450404b9d644b29ecf083020820cf1e18f1a8c4c3382da858e7fed5a9

Secunia Security Advisory 18224
Posted Dec 26, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Max Vozeler has reported a vulnerability in rssh, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 35a340514f202769be48f2c5284d46184ec6ae82e44207981e71c238a1f96317

rsshscponly.txt
Posted Dec 12, 2004
Authored by Jason Wies

Although rssh and scponly were designed to limit the use of a shell on a remote host, various underlying programs that they are allowed to use may allow for arbitrary command execution.

tags | advisory, remote, arbitrary, shell
SHA-256 | 221d90a3802c19d25ff31131746e485e622f1afce6b8ffef9f1934ead0f4784b

rsshFormat.txt
Posted Oct 27, 2004
Authored by Derek Martin | Site pizzashack.org

rssh versions below 2.2.2 suffer from a format string vulnerability that may allow for privilege escalation.

tags | advisory
SHA-256 | 4e71754c1ea5a52d4e553addf2ba481fd95acd61c1c8fb641f366430dbdfc6a1

rsshFlaw.txt
Posted Jun 22, 2004
Authored by Derek Martin | Site pizzashack.org

rssh, the small shell whose purpose is to restrict users to using scp or sftp, has a bug that allows a user to gather information outside of a chrooted jail unintentionally. Affected versions are 2.0 through 2.1.x.

tags | advisory, shell
SHA-256 | 311bdd186d8b1ea269ad967cd01b3b095ad35878525c4d3fb410e7ef1f211d8b