CVE-2012-2252 — Rssh vulnerability

7 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 81.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rssh Pizzashack Rssh

Timeline

PublishedJan 11

Latest updateMay 17

Description

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶Ubunturssh/rssh< 2.3.4-4+1

▶NVDpizzashack/rssh2.3.3+13

🔴Vulnerability Details

GHSA

GHSA-pc72-m8vf-j48v: Incomplete blacklist vulnerability in rssh before 2↗2022-05-17

▶

OSV

CVE-2012-2252: Incomplete blacklist vulnerability in rssh before 2↗2013-01-11

▶

💬Community

Bugzilla

CVE-2012-2252 rssh: incorrect filtering of rsync --rsh command line option [fedora-all]↗2012-11-28

▶

Bugzilla

CVE-2012-2252 rssh: incorrect filtering of rsync --rsh command line option [epel-all]↗2012-11-28

▶

Bugzilla

CVE-2012-2252 rssh: incorrect filtering of rsync --rsh command line option↗2012-11-26

▶

Bugzilla

CVE-2012-2251 rssh: insufficient filtering of -e option for rsync [fedora-all]↗2012-11-16

▶