Posted: Thu Nov 28, 2013 11:26 am Post subject: [ GLSA 201311-19 ] rssh: Access restriction bypass
Gentoo Linux Security Advisory
Title: rssh: Access restriction bypass (GLSA 201311-19)
Date: November 28, 2013
Bug(s): #415255, #445166
Multiple vulnerabilities have been found in rssh, allowing local
attackers to bypass access restrictions.
rssh is a restricted shell, allowing only a few commands like scp or
sftp. It is often used as a complement to OpenSSH to provide limited
access to users.
Vulnerable: < 2.3.4
Unaffected: >= 2.3.4
Architectures: All supported architectures
Multiple command line parsing and validation vulnerabilities have been
discovered in rssh. Please review the CVE identifiers referenced below
Multiple parsing and validation vulnerabilities can cause the
restrictions set up by rssh to be bypassed.
There is no known workaround at this time.
All rssh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.4"
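
A triage sketch for the version bounds above, added here as an example and not part of the advisory: it checks a version string against the 2.3.4 boundary (ignoring a Gentoo -rN revision suffix) and lists the accounts in passwd-format input whose login shell is rssh, since those are the accounts whose restrictions are at stake. The function names and the sample passwd data are constructed for illustration; it assumes plain dotted versions and a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example, not from the advisory. All names below are hypothetical.
FIXED_VERSION="2.3.4"   # first unaffected version, per the advisory

# Succeeds (exit 0) when VERSION is older than FIXED_VERSION.
rssh_is_vulnerable() {
    v=${1%-r[0-9]*}                       # drop a Gentoo revision such as -r1
    [ "$v" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Prints the user names whose login shell (field 7) has the basename rssh.
# Reads the passwd-format file given as $1, or stdin when $1 is absent or "-".
rssh_accounts() {
    awk -F: '{ n = split($7, p, "/"); if (p[n] == "rssh") print $1 }' "${1:--}"
}

# Reports whether VERSION is affected and, if so, which accounts rely on rssh.
rssh_triage() {
    version=$1
    passwd_file=${2:--}
    if rssh_is_vulnerable "$version"; then
        echo "rssh $version is older than $FIXED_VERSION: affected"
        echo "accounts restricted by rssh:"
        rssh_accounts "$passwd_file" | sed 's/^/  /'
        return 1
    fi
    echo "rssh $version is not affected"
}

# Constructed sample data, not taken from any real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
backup:x:1001:1001::/home/backup:/usr/bin/rssh
upload:x:1002:1002::/home/upload:/usr/bin/rssh
alice:x:1003:1003::/home/alice:/bin/zsh'

printf '%s\n' "$SAMPLE_PASSWD" | rssh_triage 2.3.3-r1 - || true
```

On a real host, pass the installed version as reported by the package manager and `/etc/passwd` as the second argument.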