Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Nov 2012 00:21:03 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: secure-testing-team@...ts.alioth.debian.org, Russ Allbery
 <rra@...ian.org>,  code@...zashack.org, temp66@...il.com
Subject: rssh: incorrect filtering of command line options

Hi people,

I've just released DSA 2578-1 which affects rssh after coordination on
the distro list and I'm now posting to oss-sec per policy.

Package        : rssh
Vulnerability  : incorrect filtering of command line options
Problem type   : remote
CVE ID         : CVE-2012-2251 CVE-2012-2252 

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used
with scp/sftp, rdist and cvs, was not correctly filtering command line options.
This could be used to force the execution of a remote script and thus allow
arbitrary command execution. Two CVE were assigned:

CVE-2012-2251
	Incorrect filtering of command line when using rsync protocol. It was
	for example possible to pass dangerous options after a "--" switch. The rsync
	protocol support has been added in a Debian (and Fedora/Red Hat) specific
	patch, so this vulnerability doesn't affect upstream.

CVE-2012-2251
	Incorrect filtering of the "--rsh" option: the filter preventing usage of the
	"--rsh=" option would not prevent passing "--rsh". This vulnerability affects
	upstream code.

Regards,
-- 
Yves-Alexis Perez
 Debian Security

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ