Vulnerabilites related to rssh - rssh
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3708773-21D3-4A11-A259-B9E8E81F916E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F835C18-5D15-43FD-B009-E7332E51A8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A58936DD-0289-4B93-B351-CB1A3F4D54E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0624666-0D2F-40FB-A9B2-5C868D6F3515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB6E21A-9555-4655-B23C-998FFCFE83F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S."
}
],
"id": "CVE-2004-1161",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110202047507273\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110581113814623\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110202047507273\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110581113814623\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11792"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-20 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rssh:rssh:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01E9E67F-82D8-4D50-85E3-2B27B23D7896",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf."
}
],
"id": "CVE-2006-1320",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-20T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21087"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1109"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18999"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3708773-21D3-4A11-A259-B9E8E81F916E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F835C18-5D15-43FD-B009-E7332E51A8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A58936DD-0289-4B93-B351-CB1A3F4D54E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0624666-0D2F-40FB-A9B2-5C868D6F3515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB6E21A-9555-4655-B23C-998FFCFE83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC1BDE2-DFD4-4A3C-93E7-5E67C53AFCB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory."
}
],
"id": "CVE-2005-3345",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T22:03:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18224"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18237"
},
{
"source": "security@debian.org",
"url": "http://securityreason.com/securityalert/308"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"source": "security@debian.org",
"url": "http://www.pizzashack.org/rssh/security.shtml"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16050"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pizzashack.org/rssh/security.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3708773-21D3-4A11-A259-B9E8E81F916E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rssh:rssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F835C18-5D15-43FD-B009-E7332E51A8AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail."
},
{
"lang": "es",
"value": "rssh 2.0 a 2.1.x expanden argumentos de l\u00ednea de comandos antes de entrar en una jaula chroot, lo que permite a usuarios remotos autenticaos determinar la existencia de de ficheros en un directorio fuera de la jaula."
}
],
"id": "CVE-2004-0609",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108787373022844\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10574"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108787373022844\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2004-1161 (GCVE-0-2004-1161)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200412-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml"
},
{
"name": "11792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11792"
},
{
"name": "20050115 Re: rssh and scponly arbitrary command execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110581113814623\u0026w=2"
},
{
"name": "20041202 rssh and scponly arbitrary command execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110202047507273\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200412-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml"
},
{
"name": "11792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11792"
},
{
"name": "20050115 Re: rssh and scponly arbitrary command execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110581113814623\u0026w=2"
},
{
"name": "20041202 rssh and scponly arbitrary command execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110202047507273\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200412-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml"
},
{
"name": "11792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11792"
},
{
"name": "20050115 Re: rssh and scponly arbitrary command execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110581113814623\u0026w=2"
},
{
"name": "20041202 rssh and scponly arbitrary command execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110202047507273\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1161",
"datePublished": "2004-12-10T05:00:00",
"dateReserved": "2004-12-09T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1320 (GCVE-0-2006-1320)
Vulnerability from cvelistv5
Published
2006-03-20 11:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322"
},
{
"name": "18999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18999"
},
{
"name": "21087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21087"
},
{
"name": "debian-rssh-rsync-rdist-bypass-security(25424)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322"
},
{
"name": "18999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18999"
},
{
"name": "21087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21087"
},
{
"name": "debian-rssh-rsync-rdist-bypass-security(25424)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1109",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1109"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346322"
},
{
"name": "18999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18999"
},
{
"name": "21087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21087"
},
{
"name": "debian-rssh-rsync-rdist-bypass-security(25424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25424"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1320",
"datePublished": "2006-03-20T11:00:00",
"dateReserved": "2006-03-19T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0609 (GCVE-0-2004-0609)
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10574"
},
{
"name": "20040619 Security flaw in rssh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108787373022844\u0026w=2"
},
{
"name": "rssh-jail-obtain-info(16470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10574"
},
{
"name": "20040619 Security flaw in rssh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108787373022844\u0026w=2"
},
{
"name": "rssh-jail-obtain-info(16470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10574"
},
{
"name": "20040619 Security flaw in rssh",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108787373022844\u0026w=2"
},
{
"name": "rssh-jail-obtain-info(16470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0609",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-29T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3345 (GCVE-0-2005-3345)
Vulnerability from cvelistv5
Published
2005-12-28 22:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200512-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"name": "308",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/308"
},
{
"name": "18237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18237"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pizzashack.org/rssh/security.shtml"
},
{
"name": "rssh-chroot-gain-privileges(23854)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"name": "16050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16050"
},
{
"name": "18224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-200512-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"name": "308",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/308"
},
{
"name": "18237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18237"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pizzashack.org/rssh/security.shtml"
},
{
"name": "rssh-chroot-gain-privileges(23854)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"name": "16050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16050"
},
{
"name": "18224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200512-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"name": "308",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/308"
},
{
"name": "18237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18237"
},
{
"name": "http://www.pizzashack.org/rssh/security.shtml",
"refsource": "CONFIRM",
"url": "http://www.pizzashack.org/rssh/security.shtml"
},
{
"name": "rssh-chroot-gain-privileges(23854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"name": "16050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16050"
},
{
"name": "18224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3345",
"datePublished": "2005-12-28T22:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}