#VU43211 Input validation error in rssh - CVE-2012-2252

Cybersecurity Help s.r.o.

Published: 2013-01-11 | Updated: 2020-08-11

Vulnerability identifier: #VU43211

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-2252

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
rssh
Server applications / Remote management servers, RDP, SSH

Vendor: rssh.sourceforge.net

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'

Mitigation
Install update from vendor's website.

Vulnerable software versions

rssh: 2.0.0 - 2.3.2

External links
https://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html
https://osvdb.org/87926
https://secunia.com/advisories/51307
https://secunia.com/advisories/51343
https://www.debian.org/security/2012/dsa-2578
https://www.openwall.com/lists/oss-security/2012/11/27/15
https://www.openwall.com/lists/oss-security/2012/11/28/2
https://www.openwall.com/lists/oss-security/2012/11/28/3
https://www.securityfocus.com/bid/56708
https://bugzilla.redhat.com/show_bug.cgi?id=880177
https://exchange.xforce.ibmcloud.com/vulnerabilities/80335

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for rssh

Multiple vulnerabilities in rssh.sourceforge.net rssh