Download
| Alert*
oval:org.secpod.oval:def:53513
The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:54409 rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input. oval:org.secpod.oval:def:603633 The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:600918 James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVE were assigned: CVE-2012-2251 ... oval:org.secpod.oval:def:601508 rssh is installed oval:org.secpod.oval:def:600869 Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. oval:org.secpod.oval:def:117363 rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. It is a alternative to scponly. oval:org.secpod.oval:def:1900014 Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, result ing in the execution of arbitrary shell commands. oval:org.secpod.oval:def:603622 Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell comman ... oval:org.secpod.oval:def:603644 The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those. oval:org.secpod.oval:def:1901473 Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. oval:org.secpod.oval:def:603619 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell c ... oval:org.secpod.oval:def:1900006 rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command vulnerability in allow scppermission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allow scp permission. oval:org.secpod.oval:def:53522 The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those. oval:org.secpod.oval:def:53502 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell c ... oval:org.secpod.oval:def:53505 Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell comman ... oval:org.secpod.oval:def:704888 rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input. |