Download
| Alert*
|
CVE-2012-2252
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. CVE-2012-2251 rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. CVE-2012-3478 rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. |
