Pizzashack Rssh vulnerabilities

CVE-2019-3463 [CRITICAL] CWE-88 CVE-2019-3463: Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

CVE-2019-3464 [CRITICAL] CWE-665 CVE-2019-3464: Insufficient sanitization of environment variables passed to rsync can bypass the restrictions impos Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

CVE-2019-1000018 [HIGH] CWE-77 CVE-2019-1000018: rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

CVE-2012-2252 [MEDIUM] CVE-2012-2252: Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

CVE-2012-2251 [MEDIUM] CWE-20 CVE-2012-2251: rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

CVE-2012-3478 [LOW] CWE-264 CVE-2012-3478: rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted env rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

CVE-2004-1628 [CRITICAL] CWE-134 CVE-2004-1628: Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execu Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.