Multiple vulnerabilities in rssh.sourceforge.net rssh
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2012-2251 CVE-2012-2252 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
rssh Server applications / Remote management servers, RDP, SSH |
| Vendor | rssh.sourceforge.net |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU43210
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-2251
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
MitigationInstall update from vendor's website.
Vulnerable software versionsrssh: 2.3.2
CPE2.3 External linkshttps://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html
https://secunia.com/advisories/51307
https://www.debian.org/security/2012/dsa-2578
https://www.openwall.com/lists/oss-security/2012/11/27/15
https://www.securityfocus.com/bid/56708
https://bugzilla.redhat.com/show_bug.cgi?id=877279
https://exchange.xforce.ibmcloud.com/vulnerabilities/80334
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU43211
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-2252
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'
MitigationInstall update from vendor's website.
Vulnerable software versionsrssh: 2.0.0 - 2.3.2
CPE2.3- cpe:2.3:a:rssh_sourceforge_net:rssh:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:rssh_sourceforge_net:rssh:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:rssh_sourceforge_net:rssh:2.0.2:*:*:*:*:*:*:*
https://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html
https://osvdb.org/87926
https://secunia.com/advisories/51307
https://secunia.com/advisories/51343
https://www.debian.org/security/2012/dsa-2578
https://www.openwall.com/lists/oss-security/2012/11/27/15
https://www.openwall.com/lists/oss-security/2012/11/28/2
https://www.openwall.com/lists/oss-security/2012/11/28/3
https://www.securityfocus.com/bid/56708
https://bugzilla.redhat.com/show_bug.cgi?id=880177
https://exchange.xforce.ibmcloud.com/vulnerabilities/80335
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
