Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28793
HistoryDec 03, 2012 - 12:00 a.m.

Re: rssh security announcement

2012-12-0300:00:00
vulners.com
6
JSON

All,

Today I released rssh-2.3.4, which fixes an old issue, and a new
issue:

On Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote:
> rssh is a shell for restricting SSH access to a machine to only scp,
> sftp, or a small set of similar applications.
>
> http://www.pizzashack.org/rssh/
>
> Henrik Erkkonen has discovered that, through clever manipulation of
> environment variables on the ssh command line, it is possible to
> circumvent rssh. As far as I can tell, there is no way to effect a
> root compromise, except of course if the root account is the one
> you're attempting to protect with rssh…

This was CVE-2012-3478, for which I had originally only posted a patch
to the rssh mailing list. It is now fixed in the new release.

The new issue is CVE-2012-2252, which involves improper filtering of
the rsync command line, when rsync support is configured. This may be
somewhat of a non-issue for recent stock rssh installations, as
stock rssh does not support newer rsync binaries which use -e to
specify the rsync protocol; thus if you're using rssh with a recent
istallation, rsync does not work for you anyway, and you therefore
most likely have it disabled by config. Nevertheless, it is a
legitimate security concern if you have rsync enabled in the
configuration. This also is fixed in 2.3.4.

This release also includes some mostly trivial updates for the build
and a bit of minor code clean-up.

For people using rssh packages from Debian, Red Hat, or one of their
derivatives, a third vulnerability was recently discovered, assigned
CVE-2012-2251. This issue exists only in a third-party patch to make
rssh work with newer rsync binaries. Stock rssh is not vulnerable
to this issue. However if you are relying on your vendor to package
rssh, this likely affects you.

Lastly, since the vendors are providing their own packages, and I'm no
longer set up to build RPMs, I am no longer providing rssh in RPM
form. Please be sure to update rssh to v2.3.4, either by downloading
and compiling from the website, or by updating your vendor's packages.

http://www.pizzashack.org/rssh/downloads.shtml

Thank you.

– Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D

Related

securityvulns 3
openvas 9
fedora 2
nessus 6
altlinux 1
osv 2
debian 2
gentoo 1
ubuntucve 3
prion 3
seebug 2
cve 3
debiancve 3
freebsd 1
securityvulns
securityvulns
rssh security vulnerabilities
2012-12-03 00:00:00
rssh restrictions bypass
2012-08-20 00:00:00
[SECURITY] [DSA 2530-1] rssh security update
2012-08-20 00:00:00
openvas
openvas
Fedora Update for rssh FEDORA-2012-20109
2012-12-26 00:00:00
Fedora Update for rssh FEDORA-2012-20109
2012-12-26 00:00:00
Debian Security Advisory DSA 2578-1 (rssh)
2012-12-04 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rssh-2.3.4-1.fc18
2013-01-12 01:00:43
[SECURITY] Fedora 17 Update: rssh-2.3.4-1.fc17
2012-12-19 08:36:29
nessus
nessus
Fedora 18 : rssh-2.3.4-1.fc18 (2012-20111)
2013-01-14 00:00:00
Fedora 17 : rssh-2.3.4-1.fc17 (2012-20109)
2012-12-20 00:00:00
GLSA-201311-19 : rssh: Access restriction bypass
2013-11-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package rssh version 2.3.4-alt2
2016-07-04 00:00:00
osv
osv
rssh - several
2012-11-28 00:00:00
rssh - shell command injection
2012-08-15 00:00:00
debian
debian
[SECURITY] [DSA 2578-1] rssh security update
2012-11-27 23:16:09
[SECURITY] [DSA 2530-1] rssh security update
2012-08-15 19:21:31
gentoo
gentoo
rssh: Access restriction bypass
2013-11-28 00:00:00
ubuntucve
ubuntucve
CVE-2012-2252
2013-01-11 00:00:00
CVE-2012-2251
2013-01-11 00:00:00
CVE-2012-3478
2012-08-31 00:00:00
prion
prion
Design/Logic Flaw
2013-01-11 01:55:00
Design/Logic Flaw
2012-08-31 18:55:00
Design/Logic Flaw
2013-01-11 01:55:00
seebug
seebug
rssh rsync --rsh 选项远程任意命令执行漏洞
2012-11-30 00:00:00
rssh rsync -e 选项远程任意命令执行漏洞
2012-11-30 00:00:00
cve
cve
CVE-2012-2252
2013-01-11 01:55:00
CVE-2012-3478
2012-08-31 18:55:00
CVE-2012-2251
2013-01-11 01:55:00
debiancve
debiancve
CVE-2012-2252
2013-01-11 01:55:00
CVE-2012-3478
2012-08-31 18:55:00
CVE-2012-2251
2013-01-11 01:55:00
freebsd
freebsd
rssh -- arbitrary command execution
2012-05-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:28793
securityvulns3openvas9fedora2nessus6altlinux1osv2debian2gentoo1ubuntucve3prion3seebug2cve3debiancve3freebsd1