Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.4
CVE Id CVE-2012-2252
Last Modified 16 Jan 2013 12:00:00
Published 10 Jan 2013 08:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2252

Summary

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

Vulnerable Systems

Application

  • Pizzashack Rssh 2.0.0

  • Pizzashack Rssh 2.0.1

  • Pizzashack Rssh 2.0.2

  • Pizzashack Rssh 2.0.3

  • Pizzashack Rssh 2.0.4

  • Pizzashack Rssh 2.1.0

  • Pizzashack Rssh 2.1.1

  • Pizzashack Rssh 2.2.1

  • Pizzashack Rssh 2.2.2

  • Pizzashack Rssh 2.2.3

  • Pizzashack Rssh 2.3.0

  • Pizzashack Rssh 2.3.1

  • Pizzashack Rssh 2.3.2

  • Pizzashack Rssh 2.3.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=880177

XF - rssh-command-line-command-exec(80335)

BID - 56708

MLIST - [oss-security] 20121127 Re: rssh: incorrect filtering of command line options

MLIST - [oss-security] 20121128 Re: rssh: incorrect filtering of command line options

MLIST - [oss-security] 20121128 rssh: incorrect filtering of command line options

DEBIAN - DSA-2578

SECUNIA - 51343

SECUNIA - 51307

OSVDB - 87926

BUGTRAQ - 20121127 Re: rssh security announcement


Last Updated: 27 May 2016 11:01:36