Gentoo Security Advisory GLSA 201311-19, rssh command line parsing vulnerabilit
Reporter | Title | Published | Views | Family All 40 |
---|---|---|---|---|
![]() | Security fix for the ALT Linux 8 package rssh version 2.3.4-alt2 | 4 Jul 201600:00 | β | altlinux |
![]() | GLSA-201311-19 : rssh: Access restriction bypass | 29 Nov 201300:00 | β | nessus |
![]() | Fedora 17 : rssh-2.3.4-1.fc17 (2012-20109) | 20 Dec 201200:00 | β | nessus |
![]() | Fedora 18 : rssh-2.3.4-1.fc18 (2012-20111) | 14 Jan 201300:00 | β | nessus |
![]() | Debian DSA-2530-1 : rssh - shell command injection | 16 Aug 201200:00 | β | nessus |
![]() | FreeBSD : rssh -- arbitrary command execution (65b25acc-e63b-11e1-b81c-001b77d09812) | 22 Aug 201200:00 | β | nessus |
![]() | Debian DSA-2578-1 : rssh - insufficient filtering of rsync command line | 28 Nov 201200:00 | β | nessus |
![]() | rssh: Access restriction bypass | 28 Nov 201300:00 | β | gentoo |
![]() | [SECURITY] Fedora 18 Update: rssh-2.3.4-1.fc18 | 12 Jan 201301:00 | β | fedora |
![]() | [SECURITY] Fedora 17 Update: rssh-2.3.4-1.fc17 | 19 Dec 201208:36 | β | fedora |
Source | Link |
---|---|
security | www.security.gentoo.org/glsa/201311-19 |
# SPDX-FileCopyrightText: 2015 Eero Volotinen
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.121078");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"creation_date", value:"2015-09-29 11:26:22 +0300 (Tue, 29 Sep 2015)");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_name("Gentoo Security Advisory GLSA 201311-19");
script_tag(name:"insight", value:"Multiple command line parsing and validation vulnerabilities have been discovered in rssh. Please review the CVE identifiers referenced below for details.");
script_tag(name:"solution", value:"Update the affected packages to the latest available version.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://security.gentoo.org/glsa/201311-19");
script_cve_id("CVE-2012-2252", "CVE-2012-3478");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Gentoo Linux Local Security Checks GLSA 201311-19");
script_copyright("Copyright (C) 2015 Eero Volotinen");
script_family("Gentoo Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if((res=ispkgvuln(pkg:"app-shells/rssh", unaffected: make_list("ge 2.3.4"), vulnerable: make_list("lt 2.3.4"))) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo