Lucene search

Gentoo FoundationGLSA-200512-15

HistoryDec 27, 2005 - 12:00 a.m.

rssh: Privilege escalation

2005-12-2700:00:00

Gentoo Foundation

security.gentoo.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.8%

JSON

Background

rssh is a restricted shell, allowing only a few commands like scp or sftp. It is often used as a complement to OpenSSH to provide limited access to users.

Description

Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories.

Impact

A local attacker could exploit this vulnerability to gain root privileges by chrooting into arbitrary directories.

Workaround

There is no known workaround at this time.

Resolution

All rssh users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-shells/rssh-2.3.0"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-shells/rssh< 2.3.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-shells/rssh	< 2.3.0	UNKNOWN

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for GLSA-200512-15