13 matches found
GLSA-202007-29 : rssh: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-29 rssh: Multiple vulnerabilities Multiple vulnerabilities have been discovered in rssh. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
Amazon Linux AMI : rssh (ALAS-2019-1328)
Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. CVE-2019-3464 Insufficient sanitation of arguments...
Important: rssh
Issue Overview: Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. CVE-2019-3464 Insufficient sanitati...
Fedora 30 : rssh (2019-d1487c13ac)
Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 31 : rssh (2019-e47add6b2b)
Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 29 : rssh (2019-bfb407659e)
Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Ubuntu: Security Advisory (USN-3946-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4377-3] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - -...
CVE-2019-1000018
CVE-2019-1000018 affects rssh 2.3.4, where allowscp permits CWE-77 (Command Injection) leading to Local command execution. Exploitation is possible by an authorized SSH user with allowscp. Deb‑pack records note a fix version (Debian: 2.3.4-5+deb9u4); Alpine doc confirms the issue. No wider exploi...
CVE-2019-1000018
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...
Debian DSA-4377-1 : rssh - security update
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve Subversion, rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...
[SECURITY] [DLA 1650-1] rssh security update
Package : rssh Version : 2.3.4-4+deb8u1 CVE ID : CVE-2019-1000018 Debian Bug : 919623 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve Subversion, rdist and/or rsync operations. Missing validation in the scp...
[SECURITY] [DSA 4377-1] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq -...