Lucene search
RootSSV:60483HistoryNov 30, 2012 - 12:00 a.m.
rssh rsync -e 选项远程任意命令执行漏洞
2012-11-3000:00:00
Root
www.seebug.org
20
0.0004 Low
EPSS
Percentile
5.7%
BUGTRAQ ID: 56708
CVE(CAN) ID: CVE-2012-2251
rssh是配合OpenSSH使用的shell,仅允许scp、sftp。现在也支持rdist、rsync、cvs。
rssh 2.3.3-3在使用rsync时没有正确过滤 -e 选项,可导致远程攻击者利用此漏洞执行任意命令。
0
rssh 2.3.3
厂商补丁:
rssh
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://prdownloads.sourceforge.net/rssh/rssh-2.3.4.tar.gz?download
rsync -e./script.sh localhost:/tmp--server ./
Related
debiancve
debiancve
CVE-2012-2251
2013-01-11 01:55:00
cve
cve
CVE-2012-2251
2013-01-11 01:55:00
ubuntucve
ubuntucve
CVE-2012-2251
2013-01-11 00:00:00
cvelist
cvelist
CVE-2012-2251
2013-01-11 01:00:00
prion
prion
Design/Logic Flaw
2013-01-11 01:55:00
nessus
nessus
Debian DSA-2578-1 : rssh - insufficient filtering of rsync command line
2012-11-28 00:00:00
Fedora 18 : rssh-2.3.4-1.fc18 (2012-20111)
2013-01-14 00:00:00
Fedora 17 : rssh-2.3.4-1.fc17 (2012-20109)
2012-12-20 00:00:00
osv
osv
rssh - several
2012-11-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2578-1)
2012-12-04 00:00:00
Debian Security Advisory DSA 2578-1 (rssh)
2012-12-04 00:00:00
Fedora Update for rssh FEDORA-2012-20109
2012-12-26 00:00:00
debian
debian
[SECURITY] [DSA 2578-1] rssh security update
2012-11-27 23:16:33
securityvulns
securityvulns
Re: rssh security announcement
2012-12-03 00:00:00
rssh security vulnerabilities
2012-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rssh-2.3.4-1.fc17
2012-12-19 08:36:29
[SECURITY] Fedora 18 Update: rssh-2.3.4-1.fc18
2013-01-12 01:00:43