CVE-2012-2252
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option...
Design/Logic Flaw
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option...
UBUNTU-CVE-2012-2252
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option...
UBUNTU-CVE-2012-2251
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option...
CVE-2012-2251
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option...
CVE-2012-2251
Removed by vendor...
CVE-2012-2252
CVE-2012-2252 affects rssh prior to version 2.3.4 when the rsync protocol is enabled. The vulnerability is an incomplete blacklist in command line handling that allows local users to bypass restricted shell access via the --rsh option. Practically, an attacker with local access could exploit this...
CVE-2012-2251
CVE-2012-2251 affects rssh 2.3.2 (used by Debian, Fedora and others) where, with rsync enabled, local users can bypass restricted shell via the "-e" or "--" options. The issue, per sources, yields partial confidentiality/integrity/availability impact. Fedora addressed this with rssh 2.3.4-1.fc18 ...
Fedora Update for rssh FEDORA-2012-20109
Check for the Version of rssh. OpenVAS Vulnerability Test: Fedora Update for rssh FEDORA-2012-20109. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms o...
[SECURITY] Fedora 17 Update: rssh-2.3.4-1.fc17
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. It is an alternative to scponly...
Debian: Security Advisory (DSA-2578-1)
The remote host is missing an update for the Debian. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DSA-2578-1 rssh - several
Bulletin has no description...
CVE-2012-3478
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...
Design/Logic Flaw
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...
CVE-2012-3478
CVE-2012-3478 affects the restricted shell implementation rssh (versions 2.3.3 and earlier). The root cause is that crafted environment variables in the command line allow local users to bypass intended restricted-shell access, enabling privilege escalation to some degree and bypass of restrictio...
CVE-2012-3410
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...
DEBIAN-CVE-2012-3410
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...