Vulnerability CVE-2012-2252: Information

Description

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

Severity: MEDIUM (4.4)

URL: https://nvd.nist.gov/vuln/detail/CVE-2012-2252
Published: Jan. 11, 2013
Modified: Aug. 29, 2017

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
rsshsisyphus2.3.4-alt22.3.4-alt2ALT-PU-2016-1705-1166554Fixed
rsshp102.3.4-alt22.3.4-alt2ALT-PU-2016-1705-1166554Fixed
rsshp92.3.4-alt22.3.4-alt2ALT-PU-2016-1705-1166554Fixed
rsshp82.3.4-alt22.3.4-alt2ALT-PU-2016-1710-1166654Fixed
rsshc10f12.3.4-alt22.3.4-alt2ALT-PU-2016-1705-1166554Fixed
rsshc9f22.3.4-alt22.3.4-alt2ALT-PU-2016-1705-1166554Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
51343
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=880177
    [oss-security] 20121127 Re: rssh: incorrect filtering of command line options
      DSA-2578
        87926
          20121127 Re: rssh security announcement
            [oss-security] 20121128 Re: rssh: incorrect filtering of command line options
              51307
              • Vendor Advisory
              56708
                [oss-security] 20121128 rssh: incorrect filtering of command line options
                  rssh-command-line-command-exec(80335)

                      1. Configuration 1

                        cpe:2.3:a:pizzashack:rssh:2.1.0:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.0.1:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.3.0:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.0.4:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:*:*:*:*:*:*:*:*
                        End including
                        2.3.3
                        cpe:2.3:a:pizzashack:rssh:2.2.1:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.0.0:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.3.1:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.3.2:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.0.2:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.0.3:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.2.2:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.2.3:*:*:*:*:*:*:*
                        cpe:2.3:a:pizzashack:rssh:2.1.1:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.0
                    Back to top