7 vulnerabilities by pizzashack
CVE-2019-3463 (GCVE-0-2019-3463)
Vulnerability from cvelistv5 – Published: 2019-02-06 19:00 – Updated: 2024-09-17 01:31
Summary
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Severity
No CVSS data available.
CWE
- Incomplete sanitization of passed arguments
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2019/dsa-4382 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/106839 | vdb-entry, x_refsource_BID |
| https://tracker.debian.org/news/1026713/accepted-… | x_refsource_MISC |
| https://usn.ubuntu.com/3946-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://security.gentoo.org/glsa/202007-29 | vendor-advisory, x_refsource_GENTOO |
| http://seclists.org/fulldisclosure/2021/May/78 | mailing-list, x_refsource_FULLDISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Debian GNU/Linux | rssh | Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10 |
Date Public
2019-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rssh",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
],
"datePublic": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete sanitization of passed arguments",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T23:06:14.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2019-3463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rssh",
"version": {
"version_data": [
{
"version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete sanitization of passed arguments"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4382",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106839"
},
{
"name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
"refsource": "MISC",
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3463",
"datePublished": "2019-02-06T19:00:00.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:33.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3464 (GCVE-0-2019-3464)
Vulnerability from cvelistv5 – Published: 2019-02-06 19:00 – Updated: 2024-09-17 04:29
Summary
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Severity
No CVSS data available.
CWE
- Incomplete sanitization of environment variable
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2019/dsa-4382 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/106839 | vdb-entry, x_refsource_BID |
| https://tracker.debian.org/news/1026713/accepted-… | x_refsource_MISC |
| https://usn.ubuntu.com/3946-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://security.gentoo.org/glsa/202007-29 | vendor-advisory, x_refsource_GENTOO |
| http://seclists.org/fulldisclosure/2021/May/78 | mailing-list, x_refsource_FULLDISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Debian GNU/Linux | rssh | Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10 |
Date Public
2019-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rssh",
"vendor": "Debian GNU/Linux",
"versions": [
{
"status": "affected",
"version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
],
"datePublic": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete sanitization of environment variable",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T23:06:13.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-4382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2019-3464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rssh",
"version": {
"version_data": [
{
"version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
}
]
}
}
]
},
"vendor_name": "Debian GNU/Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete sanitization of environment variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4382",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4382"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
},
{
"name": "106839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106839"
},
{
"name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
"refsource": "MISC",
"url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3464",
"datePublished": "2019-02-06T19:00:00.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:29:35.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1000018 (GCVE-0-2019-1000018)
Vulnerability from cvelistv5 – Published: 2019-02-04 21:00 – Updated: 2025-03-19 19:45
Summary
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://esnet-security.github.io/vulnerabilities/… | |
| https://www.debian.org/security/2019/dsa-4377 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-list |
| https://usn.ubuntu.com/3946-1/ | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202007-29 | vendor-advisory |
| http://seclists.org/fulldisclosure/2021/May/78 | mailing-list |
| https://github.com/WlX-33/PoC-for-CVE/blob/main/C… | |
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2019-01-22T00:00:00.000Z",
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T19:45:40.057Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-01-22T21:21:10.024645",
"DATE_REQUESTED": "2019-01-16T17:31:27",
"ID": "CVE-2019-1000018",
"REQUESTER": "security@es.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
"refsource": "MISC",
"url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
},
{
"name": "DSA-4377",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4377"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
},
{
"name": "USN-3946-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3946-1/"
},
{
"name": "FEDORA-2019-e47add6b2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
},
{
"name": "FEDORA-2019-d1487c13ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
},
{
"name": "FEDORA-2019-bfb407659e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
},
{
"name": "GLSA-202007-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-29"
},
{
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-1000018",
"datePublished": "2019-02-04T21:00:00.000Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2025-03-19T19:45:40.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2251 (GCVE-0-2012-2251)
Vulnerability from cvelistv5 – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
Summary
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/51307 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/1… | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2578 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securityfocus.com/bid/56708 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=877279 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2012-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2251",
"datePublished": "2013-01-11T01:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2252 (GCVE-0-2012-2252)
Vulnerability from cvelistv5 – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
VLAI
Summary
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/51343 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/51307 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/11/28/2 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/11/27/15 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/11/28/3 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2578 | vendor-advisory, x_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80335 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/56708 | vdb-entry, x_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=880177 | x_refsource_MISC |
| http://osvdb.org/87926 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html | mailing-list, x_refsource_BUGTRAQ |
Date Public
2012-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "51343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51343"
},
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "rssh-command-line-command-exec(80335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=880177",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"refsource": "OSVDB",
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2252",
"datePublished": "2013-01-11T01:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3478 (GCVE-0-2012-3478)
Vulnerability from cvelistv5 – Published: 2012-08-31 18:00 – Updated: 2024-08-06 20:05
VLAI
Summary
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.openwall.com/lists/oss-security/2012/11/28/3 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/08/11/3 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2530 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/50272 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/53430 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/08/10/7 | mailing-list, x_refsource_MLIST |
| http://sourceforge.net/mailarchive/message.php?msg_id=29235647 | mailing-list, x_refsource_MLIST |
| http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html | mailing-list, x_refsource_BUGTRAQ |
Date Public
2012-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120508 rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-12T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120508 rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120508 rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
},
{
"name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
},
{
"name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
},
{
"name": "DSA-2530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2530"
},
{
"name": "50272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50272"
},
{
"name": "53430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53430"
},
{
"name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
},
{
"name": "[rssh-discuss] 20120508 Re: rssh security announcement",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3478",
"datePublished": "2012-08-31T18:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1628 (GCVE-0-2004-1628)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
VLAI
Summary
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.pizzashack.org/rssh/ | x_refsource_CONFIRM |
| http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml | vendor-advisory, x_refsource_GENTOO |
| http://marc.info/?l=bugtraq&m=109855982425122&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17831 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/12954 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2004-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pizzashack.org/rssh/",
"refsource": "CONFIRM",
"url": "http://www.pizzashack.org/rssh/"
},
{
"name": "GLSA-200410-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
},
{
"name": "20041023 rssh: pizzacode security alert",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
},
{
"name": "rssh-format-string(17831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
},
{
"name": "12954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1628",
"datePublished": "2005-02-20T05:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}