ID CVE-2004-0609
Summary rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail.
References
Vulnerable Configurations
  • cpe:2.3:a:rssh:rssh:2.0
    cpe:2.3:a:rssh:rssh:2.0
  • cpe:2.3:a:rssh:rssh:2.1
    cpe:2.3:a:rssh:rssh:2.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A4815970C5CC11D88898000D6111A684.NASL
    description rssh expands command line parameters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains : The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior to entering the chroot jail. This bug DOES NOT allow a user to access any of the files outside the jail, but can allow them to discover what files are in a directory which is outside the jail, if their credentials on the server would normally allow them read/execute access in the specified directory.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 36857
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36857
    title FreeBSD : rssh -- file name disclosure bug (a4815970-c5cc-11d8-8898-000d6111a684)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_RSSH_221.NASL
    description The following package needs to be updated: rssh
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 14814
    published 2004-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14814
    title FreeBSD : rssh -- file name disclosure bug (165)
refmap via4
bid 10574
bugtraq 20040619 Security flaw in rssh
xf rssh-jail-obtain-info(16470)
Last major update 17-10-2016 - 22:46
Published 06-12-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top