DSA-2578-1 rssh -- insufficient filtering of rsync command lineID: oval:org.secpod.oval:def:600918 | Date: (C)2012-11-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVE were assigned: CVE-2012-2251 Incorrect filtering of command line when using rsync protocol. It was for example possible to pass dangerous options after a "--" switch. The rsync protocol support has been added in a Debian specific patch, so this vulnerability doesn"t affect upstream. CVE-2012-2251 Incorrect filtering of the "--rsh" option: the filter preventing usage of the "--rsh=" option would not prevent passing "--rsh". This vulnerability affects upstream code.