Lucene search

[email protected]CVE-2005-3345

HistoryDec 28, 2005 - 10:03 p.m.

CVE-2005-3345

2005-12-2822:03:00

[email protected]

web.nvd.nist.gov

cve-2005-3345

rssh

access restrictions

root privileges

chroot

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.8%

JSON

rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.

Affected configurations

NVD

Node

rsshrsshMatch2.0

rsshrsshMatch2.1

rsshrsshMatch2.2

rsshrsshMatch2.2.1

rsshrsshMatch2.2.2

rsshrsshMatch2.2.3

CPENameOperatorVersion
rssh:rsshrssheq2.0
rssh:rsshrssheq2.1
rssh:rsshrssheq2.2
rssh:rsshrssheq2.2.1
rssh:rsshrssheq2.2.2
rssh:rsshrssheq2.2.3

CPE	Name	Operator	Version
rssh:rssh	rssh	eq	2.0
rssh:rssh	rssh	eq	2.1
rssh:rssh	rssh	eq	2.2
rssh:rssh	rssh	eq	2.2.1
rssh:rssh	rssh	eq	2.2.2
rssh:rssh	rssh	eq	2.2.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424

secunia.com/advisories/18224

secunia.com/advisories/18237

securityreason.com/securityalert/308

www.gentoo.org/security/en/glsa/glsa-200512-15.xml

www.pizzashack.org/rssh/security.shtml

www.securityfocus.com/bid/16050

exchange.xforce.ibmcloud.com/vulnerabilities/23854

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2005-3345

freebsd1 nvd2 nessus2 openvas4 ubuntucve1 securityvulns1 cvelist1 debiancve1 gentoo1 cve1