Lucene search

[email protected]CVE-2004-1161

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1161

2005-01-1005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

rssh

cve-2004-1161

authentication bypass

access restrictions

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.2%

JSON

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

CPENameOperatorVersion
rssh:rsshrssheq2.2
rssh:rsshrssheq2.2.2
rssh:rsshrssheq2.1
rssh:rsshrssheq2.0
rssh:rsshrssheq2.2.1
gentoo:linuxgentoo linuxeq*

CPE	Name	Operator	Version
rssh:rssh	rssh	eq	2.2
rssh:rssh	rssh	eq	2.2.2
rssh:rssh	rssh	eq	2.1
rssh:rssh	rssh	eq	2.0
rssh:rssh	rssh	eq	2.2.1
gentoo:linux	gentoo linux	eq	*

References

marc.info/?l=bugtraq&m=110202047507273&w=2

marc.info/?l=bugtraq&m=110581113814623&w=2

www.gentoo.org/security/en/glsa/glsa-200412-01.xml

www.securityfocus.com/bid/11792

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2004-1161

debiancve1 ubuntucve1 openvas4 nessus2 gentoo1