RSSH version 2.3.4 was released to address an environment variable manipulation vulnerability and an improper filtering of the rsync command line.
3292f4ccb0a7fd1db2d5443d8a6d96f69577b83251c4988b59049dc9a3bd99c8Ubuntu Security Notice 3946-1 - It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.
b3912f7c3ac4d52ac8b9e4852a3b76a0715abb7ec40879e56706a9a715489272Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75Debian Linux Security Advisory 4382-1 - Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.
90d089df2746ccd0e13a5b4effa81aa2b9b37376df0cff30c992e43f9b7a0418Debian Linux Security Advisory 4377-1 - The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.
94d852fddd0d7de255869f71aa353a2bf3c2963c61f4197cc965bee4345d3540This is a shellshock exploit for RSSMON and BEAM, network services for Red Star OS version 3.0 SERVER edition.
bbdf7dd5e3730d17196110e9505289469c26b6f29655125d1177485822c140deGentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.
2cfca946aed87f93230a6b6e24c15593789e28cee281ff97f52258c3b9f27c16Debian Linux Security Advisory 2578-1 - James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.
d9979ff7d19f7c9e9521796945b7c49ed74862a888a3527cd1b55022041c8c36Secunia Security Advisory - A vulnerability has been reported in rssh, which can be exploited by malicious, local users to bypass certain security restrictions.
27a4ebced838c8dafa541d3af9421caf07aab6b309fe624eadfc22b80bb11cb7Secunia Security Advisory - Debian has issued an update for rssh. This fixes two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions.
70a593bd1b01178f13adb23b12be3e6ee2c46f3486ec1c0edffb133e2e97cd7bSecunia Security Advisory - Debian has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
eebd89c421afe76c8ec364ab92b3326b1565c0fe049041b41a8d004476cd613dDebian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh.
e569ddc10821d9e494884093dab704f6cca8c684a13ead70079866b8250e251eSecunia Security Advisory - Fedora has issued an update for rssh. This fixes a weakness, which can be exploited by malicious users to bypass certain security restrictions.
2cd6dd26b3d9c8494f83a84ecc70d552e9f1be7f110839de614b97d22abf14c9Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.
876688d70447ff6f444fd000a715393819d63d1405a51b625e31613066a5dd32Secunia Security Advisory - Debian has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
1f56e52428817c2300a0bee5cc029a650e2a59743ae430071498f80fb6eaf626Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), then they can use rssh_chroot_helper to chroot to arbitrary locations in the file system, and thereby gain root access. Versions of rssh below 2.3.0 are affected.
e0400de36fd827a4ed316391ce7f793e1db1e6ed15f917f0dbbe692281d94f10Secunia Security Advisory - Gentoo has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
2dbd73e7137cbaad8c4fafd8ed270f6f1809a53bf332eaf971375dab41b93f8cGentoo Linux Security Advisory GLSA 200512-15 - Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories. Versions less than 2.3.0 are affected.
e9b6463450404b9d644b29ecf083020820cf1e18f1a8c4c3382da858e7fed5a9Secunia Security Advisory - Max Vozeler has reported a vulnerability in rssh, which can be exploited by malicious, local users to gain escalated privileges.
35a340514f202769be48f2c5284d46184ec6ae82e44207981e71c238a1f96317Although rssh and scponly were designed to limit the use of a shell on a remote host, various underlying programs that they are allowed to use may allow for arbitrary command execution.
221d90a3802c19d25ff31131746e485e622f1afce6b8ffef9f1934ead0f4784brssh versions below 2.2.2 suffer from a format string vulnerability that may allow for privilege escalation.
4e71754c1ea5a52d4e553addf2ba481fd95acd61c1c8fb641f366430dbdfc6a1rssh, the small shell whose purpose is to restrict users to using scp or sftp, has a bug that allows a user to gather information outside of a chrooted jail unintentionally. Affected versions are 2.0 through 2.1.x.
311bdd186d8b1ea269ad967cd01b3b095ad35878525c4d3fb410e7ef1f211d8b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed