Improper input validation in Pizzashack Rssh
CVE-2012-2251
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.003 (25.3th percentile) — read the EPSS interpretation.
Affected products
- Pizzashack Rssh — versions 2.3.2
- Debian Debian_linux
- Fedoraproject Fedora
- N/a — versions n/a
Weakness classification (CWE)
References
- security@debian.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- security@debian.org (mailing-list, x_refsource_MLIST)
- security@debian.org (vendor-advisory, x_refsource_DEBIAN)
- security@debian.org (vdb-entry, x_refsource_BID)
- security@debian.org (vdb-entry, x_refsource_XF)
- security@debian.org (x_refsource_CONFIRM)
- security@debian.org (mailing-list, x_refsource_BUGTRAQ)