Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 9 of 9 results


CVE-2019-3464

Medium priority
Fixed

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of...

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh Fixed Fixed
Show less packages

CVE-2019-3463

High priority
Fixed

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh Fixed Fixed
Show less packages

CVE-2019-1000018

Medium priority
Fixed

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be...

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh Fixed Fixed
Show less packages

CVE-2012-2252

Medium priority
Ignored

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh Not affected
Show less packages

CVE-2012-2251

Medium priority
Ignored

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh Not affected
Show less packages

CVE-2012-3478

Medium priority

Some fixes available 1 of 5

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh Not affected
Show less packages

CVE-2006-1320

Unknown priority
Not affected

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh
Show less packages

CVE-2005-3345

Unknown priority
Fixed

rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh
Show less packages

CVE-2004-1161

Unknown priority
Fixed

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

1 affected packages

rssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rssh
Show less packages