Lucene search

[email protected]CVE-2012-2251

HistoryJan 11, 2013 - 1:55 a.m.

CVE-2012-2251

2013-01-1101:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-2251

rssh

restricted shell access

local users

debian

fedora

rsync protocol

6.1 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) “-e” or (2) “–” command line option.

CPENameOperatorVersion
pizzashack:rsshpizzashack rssheq2.3.2

CPE	Name	Operator	Version
pizzashack:rssh	pizzashack rssh	eq	2.3.2

References

archives.neohapsis.com/archives/bugtraq/2012-11/0101.html

secunia.com/advisories/51307

www.debian.org/security/2012/dsa-2578

www.openwall.com/lists/oss-security/2012/11/27/15

www.securityfocus.com/bid/56708

bugzilla.redhat.com/show_bug.cgi?id=877279

exchange.xforce.ibmcloud.com/vulnerabilities/80334

6.1 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2012-2251

debiancve1 ubuntucve1 seebug1 cvelist1 prion1 nessus3 osv1 openvas4 debian1 securityvulns2 fedora2