ID CVE-2004-1161
Summary rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
References
Vulnerable Configurations
  • cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rssh:rssh:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rssh:rssh:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rssh:rssh:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rssh:rssh:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:51)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 11792
bugtraq
  • 20041202 rssh and scponly arbitrary command execution
  • 20050115 Re: rssh and scponly arbitrary command execution
gentoo GLSA-200412-01
Last major update 18-10-2016 - 02:51
Published 10-01-2005 - 05:00
Last modified 18-10-2016 - 02:51