Lucene search

Gentoo FoundationGLSA-200410-28

HistoryOct 27, 2004 - 12:00 a.m.

rssh: Format string vulnerability

2004-10-2700:00:00

Gentoo Foundation

security.gentoo.org

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.8%

JSON

Background

rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users.

Description

Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in rssh syslogging of failed commands.

Impact

Using a malicious command, it may be possible for a remote authenticated user to execute arbitrary code on the target machine with user rights, effectively bypassing any restriction of rssh.

Workaround

There is no known workaround at this time.

Resolution

All rssh users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-shells/rssh-2.2.2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-shells/rssh< 2.2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-shells/rssh	< 2.2.2	UNKNOWN

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for GLSA-200410-28