CVE-2012-3478Rssh vulnerability

CWE-2647 documents4 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 81.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pizzashack Rssh
Timeline
PublishedAug 31
Latest updateMay 17

Description

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDpizzashack/rssh2.3.2+12

🔴Vulnerability Details

1
GHSA
GHSA-4ffw-7fvq-j2mh: rssh 22022-05-17

💥Exploits & PoCs

1
Exploit-DB
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Remote Buffer Overflow2012-06-27

💬Community

4
Bugzilla
CVE-2012-2251 rssh: insufficient filtering of -e option for rsync [fedora-all]2012-11-16
Bugzilla
CVE-2012-3478 rssh: possible circumvention of rssh restrictions [fedora-all]2012-05-09
Bugzilla
CVE-2012-3478 rssh: circumvention of rssh restrictions using environment variables2012-05-09
Bugzilla
CVE-2012-3478 rssh: possible circumvention of rssh restrictions [epel-all]2012-05-09
CVE-2012-3478 — Pizzashack Rssh vulnerability | cvebase