GLSA Advocate

Posted: Thu Nov 28, 2013 11:26 am Post subject: [ GLSA 201311-19 ] rssh: Access restriction bypass
Gentoo Linux Security Advisory
Title: rssh: Access restriction bypass (GLSA 201311-19)
Severity: normal
Exploitable: local
Date: November 28, 2013
Bug(s): #415255, #445166
ID: 201311-19
Synopsis
Multiple vulnerabilities have been found in rssh, allowing local
attackers to bypass access restrictions.
Background
rssh is a restricted shell, allowing only a few commands like scp or
sftp. It is often used as a complement to OpenSSH to provide limited
access to users.
Affected Packages
Package: app-shells/rssh
Vulnerable: < 2.3.4
Unaffected: >= 2.3.4
Architectures: All supported architectures
Description
Multiple command line parsing and validation vulnerabilities have been
discovered in rssh. Please review the CVE identifiers referenced below
for details.
Impact
Multiple parsing and validation vulnerabilities can cause the
restrictions set up by rssh to be bypassed.
Workaround
There is no known workaround at this time.
Resolution
All rssh users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.4"
References
CVE-2012-2252
CVE-2012-3478
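
Added example (not part of the GLSA or of Portage): a POSIX shell check that classifies installed app-shells/rssh versions against the advisory's ">= 2.3.4" boundary by reading the Portage installed-package database, by default /var/db/pkg. The function names are hypothetical, and a version carrying any suffix other than a -rN revision is reported as unknown rather than guessed.

```sh
#!/bin/sh
# Added example: is the installed rssh in the range GLSA 201311-19 lists as
# vulnerable (< 2.3.4)? Function names are illustrative, not Portage's own.
FIXED=2.3.4   # first unaffected version, taken from the advisory

# ver_lt A B: succeed when dotted numeric version A sorts below B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# classify PV: PV is the version part of a package directory, e.g. 2.3.3-r1.
classify() {
    pv=${1%-r[0-9]*}   # a Gentoo revision (-rN) does not change the upstream version
    case $pv in
        ''|*[!0-9.]*) echo unknown ;;   # _rc, _p, letters: compare by hand
        *) if ver_lt "$pv" "$FIXED"; then echo vulnerable; else echo fixed; fi ;;
    esac
}

# scan_vdb [DIR]: print "<version> <status>" for every installed rssh found
# under DIR/app-shells/. Prints nothing when the package is not installed.
scan_vdb() {
    for d in "${1:-/var/db/pkg}"/app-shells/rssh-[0-9]*; do
        [ -d "$d" ] || continue
        pv=${d##*/rssh-}
        echo "$pv $(classify "$pv")"
    done
}

scan_vdb "$@"
```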