Lucene search
K
PizzashackRssh

7 matches found

CVE
CVE
added 2019/02/04 9:0 p.m.149 views

CVE-2019-1000018

CVE-2019-1000018 affects rssh 2.3.4, where allowscp permits CWE-77 (Command Injection) leading to Local command execution. Exploitation is possible by an authorized SSH user with allowscp. Deb‑pack records note a fix version (Debian: 2.3.4-5+deb9u4); Alpine doc confirms the issue. No wider exploi...

7.8CVSS8.6AI score0.0188EPSS
CVE
CVE
added 2019/02/06 7:0 p.m.139 views

CVE-2019-3464

CVE-2019-3464 involves insufficient sanitization of environment variables passed to rsync, enabling bypass of rssh restrictions and potential execution of arbitrary shell commands. The vulnerability affects setups using rssh as a restricted shell paired with rsync; attackers could exploit environ...

9.8CVSS9.3AI score0.04699EPSS
CVE
CVE
added 2019/02/06 7:0 p.m.132 views

CVE-2019-3463

CVE-2019-3463 involves insufficient sanitization of arguments passed to rsync, which can bypass rssh restrictions and allow execution of arbitrary shell commands. The issue lies in how rsync arguments are processed, enabling an authorized user to escape intended restrictions of the restricted she...

9.8CVSS9.2AI score0.04869EPSS
CVE
CVE
added 2013/01/11 1:0 a.m.68 views

CVE-2012-2251

CVE-2012-2251 affects rssh 2.3.2 (used by Debian, Fedora and others) where, with rsync enabled, local users can bypass restricted shell via the "-e" or "--" options. The issue, per sources, yields partial confidentiality/integrity/availability impact. Fedora addressed this with rssh 2.3.4-1.fc18 ...

4.4CVSS6.2AI score0.00335EPSS
CVE
CVE
added 2012/08/31 6:0 p.m.64 views

CVE-2012-3478

CVE-2012-3478 affects the restricted shell implementation rssh (versions 2.3.3 and earlier). The root cause is that crafted environment variables in the command line allow local users to bypass intended restricted-shell access, enabling privilege escalation to some degree and bypass of restrictio...

2.1CVSS6.2AI score0.00388EPSS
CVE
CVE
added 2013/01/11 1:0 a.m.58 views

CVE-2012-2252

CVE-2012-2252 affects rssh prior to version 2.3.4 when the rsync protocol is enabled. The vulnerability is an incomplete blacklist in command line handling that allows local users to bypass restricted shell access via the --rsh option. Practically, an attacker with local access could exploit this...

4.4CVSS6.2AI score0.00365EPSS
Web
CVE
CVE
added 2005/02/20 5:0 a.m.55 views

CVE-2004-1628

CVE-2004-1628 affects the rssh project (before 2.2.2). The vulnerability is a format string issue in log.c that can allow remote authenticated users to execute arbitrary code. Exploitation details are not provided in the connected documents beyond the CVE description, but multiple sources (Gentoo...

9CVSS6.9AI score0.04702EPSS