{"securityvulns": [{"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "description": "It's possible to execute shell commands.", "modified": "2012-08-20T00:00:00", "published": "2012-08-20T00:00:00", "id": "SECURITYVULNS:VULN:12523", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12523", "title": "rssh restrictions bypass", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2530-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nAugust 15, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : rssh\r\nVulnerability : shell command injection\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-3478\r\n\r\nHenrik Erkkonen discovered that rssh, a restricted shell for SSH, does\r\nnot properly restrict shell access.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.3.2-13squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.3.3-5.\r\n\r\nWe recommend that you upgrade your rssh packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJQK/ikAAoJEL97/wQC1SS+kjAH/1/i17W6fGRfBW9Csg95Sz46\r\nQqKIq+80mZIPcE2kPtVe3USmpcfeeOSCptTnyzBbl6GPT3TN2DRPvwbnLdZDqo7r\r\nBMCqPnMR6cO+y54jII5JvhgdChJKWe7MwOkN5HmPuC8T8OjPGEXo1V8+V5o97qZY\r\nb4iACkFXeWj0HjT6zS2sxlpmXCinrwG8P9JhbnvjJoaeuKuqSO6rzU1zxsq7ZY0S\r\n8AgxvGkDI8q16wSVNBs5fMdg8Gr5TwdHvEEZTBllJA9b/fFM6nk4mr99Oio+Cq3s\r\nY78dsBMf8kmmOlo6TvhwX31zPgulqHckPaOek5RrCm9vilLTNNJB85hAF3s9MgM=\r\n=B9mz\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-08-20T00:00:00", "published": "2012-08-20T00:00:00", "id": "SECURITYVULNS:DOC:28396", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28396", "title": "[SECURITY] [DSA 2530-1] rssh security update", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "description": "\r\n\r\nAll,\r\n\r\nToday I released rssh-2.3.4, which fixes an old issue, and a new\r\nissue:\r\n\r\nOn Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote:\r\n> rssh is a shell for restricting SSH access to a machine to only scp,\r\n> sftp, or a small set of similar applications. \r\n>\r\n> http://www.pizzashack.org/rssh/\r\n>\r\n> Henrik Erkkonen has discovered that, through clever manipulation of\r\n> environment variables on the ssh command line, it is possible to\r\n> circumvent rssh. As far as I can tell, there is no way to effect a\r\n> root compromise, except of course if the root account is the one\r\n> you're attempting to protect with rssh...\r\n\r\nThis was CVE-2012-3478, for which I had originally only posted a patch\r\nto the rssh mailing list. It is now fixed in the new release.\r\n\r\nThe new issue is CVE-2012-2252, which involves improper filtering of\r\nthe rsync command line, when rsync support is configured. This may be\r\nsomewhat of a non-issue for recent stock rssh installations, as\r\nstock rssh does not support newer rsync binaries which use -e to\r\nspecify the rsync protocol; thus if you're using rssh with a recent\r\nistallation, rsync does not work for you anyway, and you therefore\r\nmost likely have it disabled by config. Nevertheless, it is a\r\nlegitimate security concern if you have rsync enabled in the\r\nconfiguration. This also is fixed in 2.3.4.\r\n\r\nThis release also includes some mostly trivial updates for the build\r\nand a bit of minor code clean-up.\r\n\r\nFor people using rssh packages from Debian, Red Hat, or one of their\r\nderivatives, a third vulnerability was recently discovered, assigned\r\nCVE-2012-2251. This issue exists only in a third-party patch to make\r\nrssh work with newer rsync binaries. Stock rssh *is not vulnerable*\r\nto this issue. However if you are relying on your vendor to package\r\nrssh, this likely affects you. \r\n\r\nLastly, since the vendors are providing their own packages, and I'm no\r\nlonger set up to build RPMs, I am no longer providing rssh in RPM\r\nform. Please be sure to update rssh to v2.3.4, either by downloading\r\nand compiling from the website, or by updating your vendor's packages.\r\n\r\n http://www.pizzashack.org/rssh/downloads.shtml\r\n\r\nThank you.\r\n\r\n-- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D\r\n", "modified": "2012-12-03T00:00:00", "published": "2012-12-03T00:00:00", "id": "SECURITYVULNS:DOC:28793", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28793", "title": "Re: rssh security announcement", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "description": "Multiple environment limitation bypass possibilities.", "modified": "2012-12-03T00:00:00", "published": "2012-12-03T00:00:00", "id": "SECURITYVULNS:VULN:12736", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12736", "title": "rssh security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-12T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71840", "id": "OPENVAS:71840", "title": "FreeBSD Ports: rssh", "type": "openvas", "sourceData": "#\n#VID 65b25acc-e63b-11e1-b81c-001b77d09812\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 65b25acc-e63b-11e1-b81c-001b77d09812\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: rssh\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://sourceforge.net/mailarchive/message.php?msg_id=29235647\nhttp://www.vuxml.org/freebsd/65b25acc-e63b-11e1-b81c-001b77d09812.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71840);\n script_cve_id(\"CVE-2012-3478\");\n script_bugtraq_id(53430);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 5940 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:18 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"FreeBSD Ports: rssh\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"rssh\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.4\")<0) {\n txt += \"Package rssh version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:136141256231071840", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071840", "title": "FreeBSD Ports: rssh", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_rssh4.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 65b25acc-e63b-11e1-b81c-001b77d09812\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71840\");\n script_cve_id(\"CVE-2012-3478\");\n script_bugtraq_id(53430);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:18 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"FreeBSD Ports: rssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: rssh\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://sourceforge.net/mailarchive/message.php?msg_id=29235647\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/65b25acc-e63b-11e1-b81c-001b77d09812.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"rssh\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.4\")<0) {\n txt += \"Package rssh version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update to rssh\nannounced via advisory DSA 2530-1.", "modified": "2017-07-07T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71825", "id": "OPENVAS:71825", "title": "Debian Security Advisory DSA 2530-1 (rssh)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2530_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2530-1 (rssh)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does\nnot properly restrict shell access.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-13squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.3-5.\n\nWe recommend that you upgrade your rssh packages.\";\ntag_summary = \"The remote host is missing an update to rssh\nannounced via advisory DSA 2530-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202530-1\";\n\nif(description)\n{\n script_id(71825);\n script_cve_id(\"CVE-2012-3478\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:33:25 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2530-1 (rssh)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rssh\", ver:\"2.3.2-13squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update to rssh\nannounced via advisory DSA 2530-1.", "modified": "2019-03-18T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:136141256231071825", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071825", "title": "Debian Security Advisory DSA 2530-1 (rssh)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2530_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2530-1 (rssh)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71825\");\n script_cve_id(\"CVE-2012-3478\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:33:25 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2530-1 (rssh)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202530-1\");\n script_tag(name:\"insight\", value:\"Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does\nnot properly restrict shell access.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-13squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.3-5.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your rssh packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to rssh\nannounced via advisory DSA 2530-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"rssh\", ver:\"2.3.2-13squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201311-19", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121078", "title": "Gentoo Security Advisory GLSA 201311-19", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201311-19.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121078\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:22 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201311-19\");\n script_tag(name:\"insight\", value:\"Multiple command line parsing and validation vulnerabilities have been discovered in rssh. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201311-19\");\n script_cve_id(\"CVE-2012-2252\", \"CVE-2012-3478\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201311-19\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-shells/rssh\", unaffected: make_list(\"ge 2.3.4\"), vulnerable: make_list(\"lt 2.3.4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:1361412562310864958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864958", "title": "Fedora Update for rssh FEDORA-2012-20109", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rssh FEDORA-2012-20109\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094905.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864958\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:01:53 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-2251\", \"CVE-2012-3478\", \"CVE-2012-2252\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-20109\");\n script_name(\"Fedora Update for rssh FEDORA-2012-20109\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rssh'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"rssh on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rssh\", rpm:\"rssh~2.3.4~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:22", "bulletinFamily": "scanner", "description": "Check for the Version of rssh", "modified": "2018-01-01T00:00:00", "published": "2012-12-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864958", "id": "OPENVAS:864958", "title": "Fedora Update for rssh FEDORA-2012-20109", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rssh FEDORA-2012-20109\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"rssh on Fedora 17\";\ntag_insight = \"rssh is a restricted shell for use with OpenSSH, allowing only scp\n and/or sftp. For example, if you have a server which you only want\n to allow users to copy files off of via scp, without providing shell\n access, you can use rssh to do that. It is a alternative to scponly.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094905.html\");\n script_id(864958);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:01:53 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-2251\", \"CVE-2012-3478\", \"CVE-2012-2252\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-20109\");\n script_name(\"Fedora Update for rssh FEDORA-2012-20109\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"rssh\", rpm:\"rssh~2.3.4~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:46", "bulletinFamily": "unix", "description": "\nDerek Martin (rssh maintainer) reports:\n\nHenrik Erkkonen has discovered that, through clever\n\t manipulation of environment variables on the ssh command\n\t line, it is possible to circumvent rssh. As far as I can\n\t tell, there is no way to effect a root compromise, except of\n\t course if the root account is the one you're attempting to\n\t protect with rssh...\n\n", "modified": "2012-05-08T00:00:00", "published": "2012-05-08T00:00:00", "id": "65B25ACC-E63B-11E1-B81C-001B77D09812", "href": "https://vuxml.freebsd.org/freebsd/65b25acc-e63b-11e1-b81c-001b77d09812.html", "title": "rssh -- arbitrary command execution", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2020-05-01T00:21:39", "bulletinFamily": "scanner", "description": "Derek Martin (rssh maintainer) reports :\n\nHenrik Erkkonen has discovered that, through clever manipulation of\nenvironment variables on the ssh command line, it is possible to\ncircumvent rssh. As far as I can tell, there is no way to effect a\nroot compromise, except of course if the root account is the one\nyou", "modified": "2020-05-02T00:00:00", "id": "FREEBSD_PKG_65B25ACCE63B11E1B81C001B77D09812.NASL", "href": "https://www.tenable.com/plugins/nessus/61617", "published": "2012-08-22T00:00:00", "title": "FreeBSD : rssh -- arbitrary command execution (65b25acc-e63b-11e1-b81c-001b77d09812)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61617);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2012-3478\");\n script_bugtraq_id(53430);\n\n script_name(english:\"FreeBSD : rssh -- arbitrary command execution (65b25acc-e63b-11e1-b81c-001b77d09812)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Derek Martin (rssh maintainer) reports :\n\nHenrik Erkkonen has discovered that, through clever manipulation of\nenvironment variables on the ssh command line, it is possible to\ncircumvent rssh. As far as I can tell, there is no way to effect a\nroot compromise, except of course if the root account is the one\nyou're attempting to protect with rssh...\"\n );\n # http://sourceforge.net/mailarchive/message.php?msg_id=29235647\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/rssh/mailman/message/29235647/\"\n );\n # https://vuxml.freebsd.org/freebsd/65b25acc-e63b-11e1-b81c-001b77d09812.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81a41c6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rssh<2.3.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T23:00:30", "bulletinFamily": "scanner", "description": "Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does\nnot properly restrict shell access.", "modified": "2012-08-16T00:00:00", "id": "DEBIAN_DSA-2530.NASL", "href": "https://www.tenable.com/plugins/nessus/61555", "published": "2012-08-16T00:00:00", "title": "Debian DSA-2530-1 : rssh - shell command injection", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2530. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61555);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-3478\");\n script_bugtraq_id(53430);\n script_xref(name:\"DSA\", value:\"2530\");\n\n script_name(english:\"Debian DSA-2530-1 : rssh - shell command injection\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does\nnot properly restrict shell access.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/rssh\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2530\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rssh packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-13squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"rssh\", reference:\"2.3.2-13squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-01T00:26:58", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201311-19\n(rssh: Access restriction bypass)\n\n Multiple command line parsing and validation vulnerabilities have been\n discovered in rssh. Please review the CVE identifiers referenced below\n for details.\n \nImpact :\n\n Multiple parsing and validation vulnerabilities can cause the\n restrictions set up by rssh to be bypassed.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-05-02T00:00:00", "id": "GENTOO_GLSA-201311-19.NASL", "href": "https://www.tenable.com/plugins/nessus/71121", "published": "2013-11-29T00:00:00", "title": "GLSA-201311-19 : rssh: Access restriction bypass", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201311-19.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71121);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2012-2252\", \"CVE-2012-3478\");\n script_bugtraq_id(53430, 56708);\n script_xref(name:\"GLSA\", value:\"201311-19\");\n\n script_name(english:\"GLSA-201311-19 : rssh: Access restriction bypass\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201311-19\n(rssh: Access restriction bypass)\n\n Multiple command line parsing and validation vulnerabilities have been\n discovered in rssh. Please review the CVE identifiers referenced below\n for details.\n \nImpact :\n\n Multiple parsing and validation vulnerabilities can cause the\n restrictions set up by rssh to be bypassed.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201311-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All rssh users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/rssh-2.3.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-shells/rssh\", unaffected:make_list(\"ge 2.3.4\"), vulnerable:make_list(\"lt 2.3.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rssh\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:22:18", "bulletinFamily": "scanner", "description": "Update to 2.3.4 and fix CVE-2012-2251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2013-01-14T00:00:00", "id": "FEDORA_2012-20111.NASL", "href": "https://www.tenable.com/plugins/nessus/63489", "published": "2013-01-14T00:00:00", "title": "Fedora 18 : rssh-2.3.4-1.fc18 (2012-20111)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20111.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63489);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-2251\", \"CVE-2012-2252\", \"CVE-2012-3478\");\n script_bugtraq_id(53430, 56708);\n script_xref(name:\"FEDORA\", value:\"2012-20111\");\n\n script_name(english:\"Fedora 18 : rssh-2.3.4-1.fc18 (2012-20111)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.3.4 and fix CVE-2012-2251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=820414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=880174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=880177\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096204.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c587926\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rssh package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"rssh-2.3.4-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rssh\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:22:18", "bulletinFamily": "scanner", "description": "Update to 2.3.4 and fix CVE-2012-2251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2012-12-20T00:00:00", "id": "FEDORA_2012-20109.NASL", "href": "https://www.tenable.com/plugins/nessus/63308", "published": "2012-12-20T00:00:00", "title": "Fedora 17 : rssh-2.3.4-1.fc17 (2012-20109)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20109.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63308);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-2251\", \"CVE-2012-2252\", \"CVE-2012-3478\");\n script_bugtraq_id(53430, 56708);\n script_xref(name:\"FEDORA\", value:\"2012-20109\");\n\n script_name(english:\"Fedora 17 : rssh-2.3.4-1.fc17 (2012-20109)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.3.4 and fix CVE-2012-2251\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=820414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=880174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=880177\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094905.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4310fa5a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rssh package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rssh-2.3.4-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rssh\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:21", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2530-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 15, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rssh\nVulnerability : shell command injection\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3478\n\nHenrik Erkkonen discovered that rssh, a restricted shell for SSH, does\nnot properly restrict shell access.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-13squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.3-5.\n\nWe recommend that you upgrade your rssh packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-08-15T19:21:55", "published": "2012-08-15T19:21:55", "id": "DEBIAN:DSA-2530-1:E4DE1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00171.html", "title": "[SECURITY] [DSA 2530-1] rssh security update", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "bulletinFamily": "unix", "description": "### Background\n\nrssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users. \n\n### Description\n\nMultiple command line parsing and validation vulnerabilities have been discovered in rssh. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nMultiple parsing and validation vulnerabilities can cause the restrictions set up by rssh to be bypassed. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll rssh users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-shells/rssh-2.3.4\"", "modified": "2013-11-28T00:00:00", "published": "2013-11-28T00:00:00", "id": "GLSA-201311-19", "href": "https://security.gentoo.org/glsa/201311-19", "type": "gentoo", "title": "rssh: Access restriction bypass", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
