Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.4
CVE Id: CVE-2012-2251
Last Modified: 14 Jan 2013 12:00:00
Published: 10 Jan 2013 08:55:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2251

Summary

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

Vulnerable Systems

Application

  • Pizzashack Rssh 2.3.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=877279

XF - rssh-eoption-command-execution(80334)

BID - 56708

MLIST - [oss-security] 20121128 rssh: incorrect filtering of command line options

DEBIAN - DSA-2578

SECUNIA - 51307

BUGTRAQ - 20121127 Re: rssh security announcement


Last Updated: 27 May 2016 11:01:36