CVE-2012-2251 — Improper Input Validation in Rssh

CWE-20 — Improper Input Validation6 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 84.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rssh Pizzashack Rssh

Timeline

PublishedJan 11

Latest updateMay 17

Description

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶Ubunturssh/rssh< 2.3.4-4+1

▶NVDpizzashack/rssh2.3.2

🔴Vulnerability Details

GHSA

GHSA-h2v8-g64c-6cg2: rssh 2↗2022-05-17

▶

OSV

CVE-2012-2251: rssh 2↗2013-01-11

▶

💬Community

Bugzilla

CVE-2012-2251 rssh: bypass of rsync -e option filtering [epel-6]↗2012-11-28

▶

Bugzilla

CVE-2012-2251 rssh: bypass of rsync -e option filtering↗2012-11-26

▶

Bugzilla

CVE-2012-2251 rssh: insufficient filtering of -e option for rsync [fedora-all]↗2012-11-16

▶