Date: Wed, 28 Nov 2012 00:21:03 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: secure-testing-team@...ts.alioth.debian.org, Russ Allbery
 <rra@...ian.org>,  code@...zashack.org, temp66@...il.com
Subject: rssh: incorrect filtering of command line options

Hi people,

I've just released DSA 2578-1 which affects rssh after coordination on
the distro list and I'm now posting to oss-sec per policy.

Package        : rssh
Vulnerability  : incorrect filtering of command line options
Problem type   : remote
CVE ID         : CVE-2012-2251 CVE-2012-2252 

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used
with scp/sftp, rdist and cvs, was not correctly filtering command line options.
This could be used to force the execution of a remote script and thus allow
arbitrary command execution. Two CVEs were assigned:

CVE-2012-2251
	Incorrect filtering of command line when using rsync protocol. It was
	for example possible to pass dangerous options after a "--" switch. The rsync
	protocol support has been added in a Debian (and Fedora/Red Hat) specific
	patch, so this vulnerability doesn't affect upstream.

CVE-2012-2251
	Incorrect filtering of the "--rsh" option: the filter preventing usage of the
	"--rsh=" option would not prevent passing "--rsh". This vulnerability affects
	upstream code.

Regards,
-- 
Yves-Alexis Perez
 Debian Security
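
The "--rsh=" versus "--rsh" gap described in the advisory, as an added example that is not part of the original message and is not rssh's code: a deny-list that matches one spelling of an option is compared with an exact-match allow-list. The function names, the allow-list contents and the sample command lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Deny-list as the advisory describes it: only the "--rsh=" spelling is
 * refused. Returns 1 if the command line is accepted, 0 if refused. */
int denylist_accepts(int argc, const char *const argv[])
{
    for (int i = 0; i < argc; i++)
        if (strncmp(argv[i], "--rsh=", 6) == 0)
            return 0;
    return 1;
}

/* Hypothetical allow-list for this example (not rssh's real list). */
static const char *const ALLOWED[] = { "--server", "--sender", "-vlogDtpr" };

/* Returns the index of the first option token that is not an exact
 * allow-list match, or -1 if all pass. Scanning does not stop at "--",
 * so "--" and anything dash-prefixed after it is refused as well; the
 * cost is that file names beginning with '-' are rejected. */
int first_rejected(int argc, const char *const argv[])
{
    for (int i = 0; i < argc; i++) {
        if (argv[i][0] != '-')
            continue;                      /* operand such as a path */
        int ok = 0;
        for (size_t k = 0; k < sizeof ALLOWED / sizeof ALLOWED[0]; k++)
            ok |= (strcmp(argv[i], ALLOWED[k]) == 0);
        if (!ok)
            return i;
    }
    return -1;
}

/* Constructed sample command lines; CMD is a placeholder value. */
const char *const NORMAL[]   = { "--server", "--sender", "-vlogDtpr", ".", "dir/" };
const char *const JOINED[]   = { "--server", "--rsh=CMD", ".", "dir/" };
const char *const SEPARATE[] = { "--server", "--rsh", "CMD", ".", "dir/" };
const char *const AFTER_DD[] = { "--server", "--", "--rsh", "CMD", "dir/" };

int main(void)
{
    printf("separate --rsh: denylist=%d allowlist_reject_idx=%d\n",
           denylist_accepts(5, SEPARATE), first_rejected(5, SEPARATE));
    return 0;
}
```

The deny-list accepts the `SEPARATE` and `AFTER_DD` lines because neither contains the exact "--rsh=" prefix, while the allow-list refuses both at index 1.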
