Vulnerability in Pizzashack Rssh
CVE-2012-2252
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
EPSS: 0.004 (28.4th percentile) — read the EPSS interpretation.
Affected products
- Pizzashack Rssh — versions 2.0.0, 2.0.1, 2.0.2
- N/a — versions n/a
References
- security@debian.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- security@debian.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- security@debian.org (mailing-list, x_refsource_MLIST)
- security@debian.org (mailing-list, x_refsource_MLIST)
- security@debian.org (mailing-list, x_refsource_MLIST)
- security@debian.org (vendor-advisory, x_refsource_DEBIAN)
- security@debian.org (vdb-entry, x_refsource_XF)
- security@debian.org (vdb-entry, x_refsource_BID)
- security@debian.org (x_refsource_MISC)
- security@debian.org (x_refsource_OSVDB, vdb-entry)