63 lines
2 KiB
XML
63 lines
2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="201311-19">
|
|
<title>rssh: Access restriction bypass</title>
|
|
<synopsis>Multiple vulnerabilities have been found in rssh, allowing local
|
|
attackers to bypass access restrictions.
|
|
</synopsis>
|
|
<product type="ebuild">rssh</product>
|
|
<announced>2013-11-28</announced>
|
|
<revised count="1">2013-11-28</revised>
|
|
<bug>415255</bug>
|
|
<bug>445166</bug>
|
|
<access>local</access>
|
|
<affected>
|
|
<package name="app-shells/rssh" auto="yes" arch="*">
|
|
<unaffected range="ge">2.3.4</unaffected>
|
|
<vulnerable range="lt">2.3.4</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>rssh is a restricted shell, allowing only a few commands like scp or
|
|
sftp. It is often used as a complement to OpenSSH to provide limited
|
|
access to users.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>Multiple command line parsing and validation vulnerabilities have been
|
|
discovered in rssh. Please review the CVE identifiers referenced below
|
|
for details.
|
|
</p>
|
|
</description>
|
|
<impact type="normal">
|
|
<p>Multiple parsing and validation vulnerabilities can cause the
|
|
restrictions set up by rssh to be bypassed.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>There is no known workaround at this time.</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>All rssh users should upgrade to the latest version:</p>
|
|
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.4"
|
|
</code>
|
|
|
|
</resolution>
|
|
<references>
|
|
<uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2252">
|
|
CVE-2012-2252
|
|
</uri>
|
|
<uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3478">
|
|
CVE-2012-3478
|
|
</uri>
|
|
</references>
|
|
<metadata tag="requester" timestamp="2012-08-24T14:16:31Z">
|
|
underling
|
|
</metadata>
|
|
<metadata tag="submitter" timestamp="2013-11-28T08:18:46Z">
|
|
BlueKnight
|
|
</metadata>
|
|
</glsa>
|