
    14 vulnerabilities found for rssh by pizzashack

    CVE-2019-3464 (GCVE-0-2019-3464)

    Vulnerability from nvd – Published: 2019-02-06 19:00 – Updated: 2024-09-17 04:29
    VLAI
    Summary
    Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
    Severity
    No CVSS data available.
    CWE
    • Incomplete sanitization of environment variable
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2019/dsa-4382 vendor-advisory, x_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/106839 vdb-entry, x_refsource_BID
    https://tracker.debian.org/news/1026713/accepted-… x_refsource_MISC
    https://usn.ubuntu.com/3946-1/ vendor-advisory, x_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://security.gentoo.org/glsa/202007-29 vendor-advisory, x_refsource_GENTOO
    http://seclists.org/fulldisclosure/2021/May/78 mailing-list, x_refsource_FULLDISC
    Impacted products
    Vendor Product Version
    Debian GNU/Linux rssh Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10
    Date Public
    2019-02-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4382"
              },
              {
                "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
              },
              {
                "name": "106839",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106839"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
              },
              {
                "name": "USN-3946-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3946-1/"
              },
              {
                "name": "FEDORA-2019-e47add6b2b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
              },
              {
                "name": "FEDORA-2019-d1487c13ac",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
              },
              {
                "name": "FEDORA-2019-bfb407659e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
              },
              {
                "name": "GLSA-202007-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-29"
              },
              {
                "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/78"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rssh",
              "vendor": "Debian GNU/Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incomplete sanitization of environment variable",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T23:06:13.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "DSA-4382",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4382"
            },
            {
              "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
            },
            {
              "name": "106839",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106839"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
            },
            {
              "name": "USN-3946-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3946-1/"
            },
            {
              "name": "FEDORA-2019-e47add6b2b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
            },
            {
              "name": "FEDORA-2019-d1487c13ac",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
            },
            {
              "name": "FEDORA-2019-bfb407659e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
            },
            {
              "name": "GLSA-202007-29",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-29"
            },
            {
              "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/78"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2019-02-06T00:00:00",
              "ID": "CVE-2019-3464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "rssh",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian GNU/Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incomplete sanitization of environment variable"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4382",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4382"
                },
                {
                  "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
                },
                {
                  "name": "106839",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106839"
                },
                {
                  "name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
                  "refsource": "MISC",
                  "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
                },
                {
                  "name": "USN-3946-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3946-1/"
                },
                {
                  "name": "FEDORA-2019-e47add6b2b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
                },
                {
                  "name": "FEDORA-2019-d1487c13ac",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
                },
                {
                  "name": "FEDORA-2019-bfb407659e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
                },
                {
                  "name": "GLSA-202007-29",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-29"
                },
                {
                  "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/78"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2019-3464",
        "datePublished": "2019-02-06T19:00:00.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:35.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3463 (GCVE-0-2019-3463)

    Vulnerability from nvd – Published: 2019-02-06 19:00 – Updated: 2024-09-17 01:31
    VLAI
    Summary
    Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
    Severity
    No CVSS data available.
    CWE
    • Incomplete sanitization of passed arguments
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2019/dsa-4382 vendor-advisory, x_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/106839 vdb-entry, x_refsource_BID
    https://tracker.debian.org/news/1026713/accepted-… x_refsource_MISC
    https://usn.ubuntu.com/3946-1/ vendor-advisory, x_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://security.gentoo.org/glsa/202007-29 vendor-advisory, x_refsource_GENTOO
    http://seclists.org/fulldisclosure/2021/May/78 mailing-list, x_refsource_FULLDISC
    Impacted products
    Vendor Product Version
    Debian GNU/Linux rssh Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10
    Date Public
    2019-02-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4382"
              },
              {
                "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
              },
              {
                "name": "106839",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106839"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
              },
              {
                "name": "USN-3946-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3946-1/"
              },
              {
                "name": "FEDORA-2019-e47add6b2b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
              },
              {
                "name": "FEDORA-2019-d1487c13ac",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
              },
              {
                "name": "FEDORA-2019-bfb407659e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
              },
              {
                "name": "GLSA-202007-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-29"
              },
              {
                "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/78"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rssh",
              "vendor": "Debian GNU/Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incomplete sanitization of passed arguments",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T23:06:14.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "DSA-4382",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4382"
            },
            {
              "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
            },
            {
              "name": "106839",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106839"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
            },
            {
              "name": "USN-3946-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3946-1/"
            },
            {
              "name": "FEDORA-2019-e47add6b2b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
            },
            {
              "name": "FEDORA-2019-d1487c13ac",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
            },
            {
              "name": "FEDORA-2019-bfb407659e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
            },
            {
              "name": "GLSA-202007-29",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-29"
            },
            {
              "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/78"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2019-02-06T00:00:00",
              "ID": "CVE-2019-3463",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "rssh",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian GNU/Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incomplete sanitization of passed arguments"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4382",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4382"
                },
                {
                  "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
                },
                {
                  "name": "106839",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106839"
                },
                {
                  "name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
                  "refsource": "MISC",
                  "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
                },
                {
                  "name": "USN-3946-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3946-1/"
                },
                {
                  "name": "FEDORA-2019-e47add6b2b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
                },
                {
                  "name": "FEDORA-2019-d1487c13ac",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
                },
                {
                  "name": "FEDORA-2019-bfb407659e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
                },
                {
                  "name": "GLSA-202007-29",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-29"
                },
                {
                  "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/78"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2019-3463",
        "datePublished": "2019-02-06T19:00:00.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:33.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1000018 (GCVE-0-2019-1000018)

    Vulnerability from nvd – Published: 2019-02-04 21:00 – Updated: 2025-03-19 19:45
    VLAI
    Summary
    rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. The attack appears to be exploitable by an authorized SSH user with the allowscp permission.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-02-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:00:19.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
              },
              {
                "name": "DSA-4377",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4377"
              },
              {
                "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
              },
              {
                "name": "USN-3946-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3946-1/"
              },
              {
                "name": "FEDORA-2019-e47add6b2b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
              },
              {
                "name": "FEDORA-2019-d1487c13ac",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
              },
              {
                "name": "FEDORA-2019-bfb407659e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
              },
              {
                "name": "GLSA-202007-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-29"
              },
              {
                "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/78"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2019-01-22T00:00:00.000Z",
          "datePublic": "2019-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-19T19:45:40.057Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
            },
            {
              "name": "DSA-4377",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4377"
            },
            {
              "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
            },
            {
              "name": "USN-3946-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/3946-1/"
            },
            {
              "name": "FEDORA-2019-e47add6b2b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
            },
            {
              "name": "FEDORA-2019-d1487c13ac",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
            },
            {
              "name": "FEDORA-2019-bfb407659e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
            },
            {
              "name": "GLSA-202007-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-29"
            },
            {
              "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/78"
            },
            {
              "url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2019-01-22T21:21:10.024645",
              "DATE_REQUESTED": "2019-01-16T17:31:27",
              "ID": "CVE-2019-1000018",
              "REQUESTER": "security@es.net",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
                  "refsource": "MISC",
                  "url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
                },
                {
                  "name": "DSA-4377",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4377"
                },
                {
                  "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
                },
                {
                  "name": "USN-3946-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3946-1/"
                },
                {
                  "name": "FEDORA-2019-e47add6b2b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
                },
                {
                  "name": "FEDORA-2019-d1487c13ac",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
                },
                {
                  "name": "FEDORA-2019-bfb407659e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
                },
                {
                  "name": "GLSA-202007-29",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-29"
                },
                {
                  "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/78"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-1000018",
        "datePublished": "2019-02-04T21:00:00.000Z",
        "dateReserved": "2019-01-16T00:00:00.000Z",
        "dateUpdated": "2025-03-19T19:45:40.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2252 (GCVE-0-2012-2252)

    Vulnerability from nvd – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
    Summary
    Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/51343 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/51307 third-party-advisory, x_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/11/28/2 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/11/27/15 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/11/28/3 mailing-list, x_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2578 vendor-advisory, x_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilities/80335 vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/56708 vdb-entry, x_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=880177 x_refsource_MISC
    http://osvdb.org/87926 vdb-entry, x_refsource_OSVDB
    http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html mailing-list, x_refsource_BUGTRAQ
    Date Public
    2012-11-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:09.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51343"
              },
              {
                "name": "51307",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51307"
              },
              {
                "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
              },
              {
                "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
              },
              {
                "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
              },
              {
                "name": "DSA-2578",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2578"
              },
              {
                "name": "rssh-command-line-command-exec(80335)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
              },
              {
                "name": "56708",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56708"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
              },
              {
                "name": "87926",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/87926"
              },
              {
                "name": "20121127 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "51343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51343"
            },
            {
              "name": "51307",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51307"
            },
            {
              "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
            },
            {
              "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
            },
            {
              "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
            },
            {
              "name": "DSA-2578",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2578"
            },
            {
              "name": "rssh-command-line-command-exec(80335)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
            },
            {
              "name": "56708",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56708"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
            },
            {
              "name": "87926",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/87926"
            },
            {
              "name": "20121127 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2012-2252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51343"
                },
                {
                  "name": "51307",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51307"
                },
                {
                  "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
                },
                {
                  "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
                },
                {
                  "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
                },
                {
                  "name": "DSA-2578",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2578"
                },
                {
                  "name": "rssh-command-line-command-exec(80335)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
                },
                {
                  "name": "56708",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56708"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880177",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
                },
                {
                  "name": "87926",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/87926"
                },
                {
                  "name": "20121127 Re: rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2012-2252",
        "datePublished": "2013-01-11T01:00:00.000Z",
        "dateReserved": "2012-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:09.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2251 (GCVE-0-2012-2251)

    Vulnerability from nvd – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
    Summary
    rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/51307 third-party-advisory, x_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/11/27/15 mailing-list, x_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2578 vendor-advisory, x_refsource_DEBIAN
    http://www.securityfocus.com/bid/56708 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilities/80334 vdb-entry, x_refsource_XF
    https://bugzilla.redhat.com/show_bug.cgi?id=877279 x_refsource_CONFIRM
    http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html mailing-list, x_refsource_BUGTRAQ
    Date Public
    2012-11-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:09.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51307",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51307"
              },
              {
                "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
              },
              {
                "name": "DSA-2578",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2578"
              },
              {
                "name": "56708",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56708"
              },
              {
                "name": "rssh-eoption-command-execution(80334)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
              },
              {
                "name": "20121127 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "51307",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51307"
            },
            {
              "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
            },
            {
              "name": "DSA-2578",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2578"
            },
            {
              "name": "56708",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56708"
            },
            {
              "name": "rssh-eoption-command-execution(80334)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
            },
            {
              "name": "20121127 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2012-2251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51307",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51307"
                },
                {
                  "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
                },
                {
                  "name": "DSA-2578",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2578"
                },
                {
                  "name": "56708",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56708"
                },
                {
                  "name": "rssh-eoption-command-execution(80334)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
                },
                {
                  "name": "20121127 Re: rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2012-2251",
        "datePublished": "2013-01-11T01:00:00.000Z",
        "dateReserved": "2012-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:09.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3478 (GCVE-0-2012-3478)

    Vulnerability from nvd – Published: 2012-08-31 18:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.openwall.com/lists/oss-security/2012/11/28/3 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/08/11/3 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2530 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/50272 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/53430 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2012/08/10/7 mailing-listx_refsource_MLIST
    http://sourceforge.net/mailarchive/message.php?ms… mailing-listx_refsource_MLIST
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    Date Public
    2012-05-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20120508 rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
              },
              {
                "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
              },
              {
                "name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
              },
              {
                "name": "DSA-2530",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2530"
              },
              {
                "name": "50272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50272"
              },
              {
                "name": "53430",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53430"
              },
              {
                "name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
              },
              {
                "name": "[rssh-discuss] 20120508 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
              },
              {
                "name": "20121127 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-01-12T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20120508 rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
            },
            {
              "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
            },
            {
              "name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
            },
            {
              "name": "DSA-2530",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2530"
            },
            {
              "name": "50272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50272"
            },
            {
              "name": "53430",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53430"
            },
            {
              "name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
            },
            {
              "name": "[rssh-discuss] 20120508 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
            },
            {
              "name": "20121127 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20120508 rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
                },
                {
                  "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
                },
                {
                  "name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
                },
                {
                  "name": "DSA-2530",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2530"
                },
                {
                  "name": "50272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50272"
                },
                {
                  "name": "53430",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53430"
                },
                {
                  "name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
                },
                {
                  "name": "[rssh-discuss] 20120508 Re: rssh security announcement",
                  "refsource": "MLIST",
                  "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
                },
                {
                  "name": "20121127 Re: rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3478",
        "datePublished": "2012-08-31T18:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1628 (GCVE-0-2004-1628)

    Vulnerability from nvd – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
    VLAI
    Summary
    Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.pizzashack.org/rssh/ x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://marc.info/?l=bugtraq&m=109855982425122&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/12954 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2004-10-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:00:37.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pizzashack.org/rssh/"
              },
              {
                "name": "GLSA-200410-28",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
              },
              {
                "name": "20041023 rssh: pizzacode security alert",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
              },
              {
                "name": "rssh-format-string(17831)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
              },
              {
                "name": "12954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pizzashack.org/rssh/"
            },
            {
              "name": "GLSA-200410-28",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
            },
            {
              "name": "20041023 rssh: pizzacode security alert",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
            },
            {
              "name": "rssh-format-string(17831)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
            },
            {
              "name": "12954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12954"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pizzashack.org/rssh/",
                  "refsource": "CONFIRM",
                  "url": "http://www.pizzashack.org/rssh/"
                },
                {
                  "name": "GLSA-200410-28",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
                },
                {
                  "name": "20041023 rssh: pizzacode security alert",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
                },
                {
                  "name": "rssh-format-string(17831)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
                },
                {
                  "name": "12954",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12954"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1628",
        "datePublished": "2005-02-20T05:00:00.000Z",
        "dateReserved": "2005-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:00:37.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3463 (GCVE-0-2019-3463)

    Vulnerability from cvelistv5 – Published: 2019-02-06 19:00 – Updated: 2024-09-17 01:31
    VLAI
    Summary
    Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
    Severity
    No CVSS data available.
    CWE
    • Incomplete sanitization of passed arguments
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2019/dsa-4382 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/106839 vdb-entryx_refsource_BID
    https://tracker.debian.org/news/1026713/accepted-… x_refsource_MISC
    https://usn.ubuntu.com/3946-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/202007-29 vendor-advisoryx_refsource_GENTOO
    http://seclists.org/fulldisclosure/2021/May/78 mailing-listx_refsource_FULLDISC
    Impacted products
    Vendor Product Version
    Debian GNU/Linux rssh Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10
    Date Public
    2019-02-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4382"
              },
              {
                "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
              },
              {
                "name": "106839",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106839"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
              },
              {
                "name": "USN-3946-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3946-1/"
              },
              {
                "name": "FEDORA-2019-e47add6b2b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
              },
              {
                "name": "FEDORA-2019-d1487c13ac",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
              },
              {
                "name": "FEDORA-2019-bfb407659e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
              },
              {
                "name": "GLSA-202007-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-29"
              },
              {
                "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/78"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rssh",
              "vendor": "Debian GNU/Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incomplete sanitization of passed arguments",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T23:06:14.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "DSA-4382",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4382"
            },
            {
              "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
            },
            {
              "name": "106839",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106839"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
            },
            {
              "name": "USN-3946-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3946-1/"
            },
            {
              "name": "FEDORA-2019-e47add6b2b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
            },
            {
              "name": "FEDORA-2019-d1487c13ac",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
            },
            {
              "name": "FEDORA-2019-bfb407659e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
            },
            {
              "name": "GLSA-202007-29",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-29"
            },
            {
              "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/78"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2019-02-06T00:00:00",
              "ID": "CVE-2019-3463",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "rssh",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian GNU/Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incomplete sanitization of passed arguments"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4382",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4382"
                },
                {
                  "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
                },
                {
                  "name": "106839",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106839"
                },
                {
                  "name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
                  "refsource": "MISC",
                  "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
                },
                {
                  "name": "USN-3946-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3946-1/"
                },
                {
                  "name": "FEDORA-2019-e47add6b2b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
                },
                {
                  "name": "FEDORA-2019-d1487c13ac",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
                },
                {
                  "name": "FEDORA-2019-bfb407659e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
                },
                {
                  "name": "GLSA-202007-29",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-29"
                },
                {
                  "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/78"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2019-3463",
        "datePublished": "2019-02-06T19:00:00.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:33.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3464 (GCVE-0-2019-3464)

    Vulnerability from cvelistv5 – Published: 2019-02-06 19:00 – Updated: 2024-09-17 04:29
    VLAI
    Summary
    Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
    Severity
    No CVSS data available.
    CWE
    • Incomplete sanitization of environment variable
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2019/dsa-4382 vendor-advisory, x_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/106839 vdb-entry, x_refsource_BID
    https://tracker.debian.org/news/1026713/accepted-… x_refsource_MISC
    https://usn.ubuntu.com/3946-1/ vendor-advisory, x_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://security.gentoo.org/glsa/202007-29 vendor-advisory, x_refsource_GENTOO
    http://seclists.org/fulldisclosure/2021/May/78 mailing-list, x_refsource_FULLDISC
    Impacted products
    Vendor Product Version
    Debian GNU/Linux rssh Affected: All versions before 2.3.4-5+deb9u2 and 2.3.4-10
    Date Public
    2019-02-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4382"
              },
              {
                "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
              },
              {
                "name": "106839",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106839"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
              },
              {
                "name": "USN-3946-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3946-1/"
              },
              {
                "name": "FEDORA-2019-e47add6b2b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
              },
              {
                "name": "FEDORA-2019-d1487c13ac",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
              },
              {
                "name": "FEDORA-2019-bfb407659e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
              },
              {
                "name": "GLSA-202007-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-29"
              },
              {
                "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/78"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "rssh",
              "vendor": "Debian GNU/Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                }
              ]
            }
          ],
          "datePublic": "2019-02-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incomplete sanitization of environment variable",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T23:06:13.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "DSA-4382",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4382"
            },
            {
              "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
            },
            {
              "name": "106839",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106839"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
            },
            {
              "name": "USN-3946-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3946-1/"
            },
            {
              "name": "FEDORA-2019-e47add6b2b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
            },
            {
              "name": "FEDORA-2019-d1487c13ac",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
            },
            {
              "name": "FEDORA-2019-bfb407659e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
            },
            {
              "name": "GLSA-202007-29",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-29"
            },
            {
              "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/78"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2019-02-06T00:00:00",
              "ID": "CVE-2019-3464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "rssh",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian GNU/Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incomplete sanitization of environment variable"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4382",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4382"
                },
                {
                  "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html"
                },
                {
                  "name": "106839",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106839"
                },
                {
                  "name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/",
                  "refsource": "MISC",
                  "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/"
                },
                {
                  "name": "USN-3946-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3946-1/"
                },
                {
                  "name": "FEDORA-2019-e47add6b2b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
                },
                {
                  "name": "FEDORA-2019-d1487c13ac",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
                },
                {
                  "name": "FEDORA-2019-bfb407659e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
                },
                {
                  "name": "GLSA-202007-29",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-29"
                },
                {
                  "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/78"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2019-3464",
        "datePublished": "2019-02-06T19:00:00.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:35.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1000018 (GCVE-0-2019-1000018)

    Vulnerability from cvelistv5 – Published: 2019-02-04 21:00 – Updated: 2025-03-19 19:45
    VLAI
    Summary
    rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp permission.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-02-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:00:19.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
              },
              {
                "name": "DSA-4377",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4377"
              },
              {
                "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
              },
              {
                "name": "USN-3946-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3946-1/"
              },
              {
                "name": "FEDORA-2019-e47add6b2b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
              },
              {
                "name": "FEDORA-2019-d1487c13ac",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
              },
              {
                "name": "FEDORA-2019-bfb407659e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
              },
              {
                "name": "GLSA-202007-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-29"
              },
              {
                "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/May/78"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2019-01-22T00:00:00.000Z",
          "datePublic": "2019-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-19T19:45:40.057Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
            },
            {
              "name": "DSA-4377",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4377"
            },
            {
              "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
            },
            {
              "name": "USN-3946-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/3946-1/"
            },
            {
              "name": "FEDORA-2019-e47add6b2b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
            },
            {
              "name": "FEDORA-2019-d1487c13ac",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
            },
            {
              "name": "FEDORA-2019-bfb407659e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
            },
            {
              "name": "GLSA-202007-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-29"
            },
            {
              "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/May/78"
            },
            {
              "url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2019-01-22T21:21:10.024645",
              "DATE_REQUESTED": "2019-01-16T17:31:27",
              "ID": "CVE-2019-1000018",
              "REQUESTER": "security@es.net",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://esnet-security.github.io/vulnerabilities/20190115_rssh",
                  "refsource": "MISC",
                  "url": "https://esnet-security.github.io/vulnerabilities/20190115_rssh"
                },
                {
                  "name": "DSA-4377",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4377"
                },
                {
                  "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1650-1] rssh security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html"
                },
                {
                  "name": "USN-3946-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3946-1/"
                },
                {
                  "name": "FEDORA-2019-e47add6b2b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/"
                },
                {
                  "name": "FEDORA-2019-d1487c13ac",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/"
                },
                {
                  "name": "FEDORA-2019-bfb407659e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/"
                },
                {
                  "name": "GLSA-202007-29",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-29"
                },
                {
                  "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/May/78"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-1000018",
        "datePublished": "2019-02-04T21:00:00.000Z",
        "dateReserved": "2019-01-16T00:00:00.000Z",
        "dateUpdated": "2025-03-19T19:45:40.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2251 (GCVE-0-2012-2251)

    Vulnerability from cvelistv5 – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/51307 third-party-advisory, x_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/1… mailing-list, x_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2578 vendor-advisory, x_refsource_DEBIAN
    http://www.securityfocus.com/bid/56708 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    https://bugzilla.redhat.com/show_bug.cgi?id=877279 x_refsource_CONFIRM
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    Date Public
    2012-11-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:09.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51307",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51307"
              },
              {
                "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
              },
              {
                "name": "DSA-2578",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2578"
              },
              {
                "name": "56708",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56708"
              },
              {
                "name": "rssh-eoption-command-execution(80334)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
              },
              {
                "name": "20121127 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "51307",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51307"
            },
            {
              "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
            },
            {
              "name": "DSA-2578",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2578"
            },
            {
              "name": "56708",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56708"
            },
            {
              "name": "rssh-eoption-command-execution(80334)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
            },
            {
              "name": "20121127 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2012-2251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51307",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51307"
                },
                {
                  "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
                },
                {
                  "name": "DSA-2578",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2578"
                },
                {
                  "name": "56708",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56708"
                },
                {
                  "name": "rssh-eoption-command-execution(80334)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
                },
                {
                  "name": "20121127 Re: rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2012-2251",
        "datePublished": "2013-01-11T01:00:00.000Z",
        "dateReserved": "2012-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:09.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2252 (GCVE-0-2012-2252)

    Vulnerability from cvelistv5 – Published: 2013-01-11 01:00 – Updated: 2024-08-06 19:26
    Summary
    Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/51343 third-party-advisory x_refsource_SECUNIA
    http://secunia.com/advisories/51307 third-party-advisory x_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/11/28/2 mailing-list x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/11/27/15 mailing-list x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/11/28/3 mailing-list x_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2578 vendor-advisory x_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilities/80335 vdb-entry x_refsource_XF
    http://www.securityfocus.com/bid/56708 vdb-entry x_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=880177 x_refsource_MISC
    http://osvdb.org/87926 vdb-entry x_refsource_OSVDB
    http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html mailing-list x_refsource_BUGTRAQ
    Date Public
    2012-11-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:09.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "51343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51343"
              },
              {
                "name": "51307",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51307"
              },
              {
                "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
              },
              {
                "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
              },
              {
                "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
              },
              {
                "name": "DSA-2578",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2578"
              },
              {
                "name": "rssh-command-line-command-exec(80335)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
              },
              {
                "name": "56708",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56708"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
              },
              {
                "name": "87926",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/87926"
              },
              {
                "name": "20121127 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "51343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51343"
            },
            {
              "name": "51307",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51307"
            },
            {
              "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
            },
            {
              "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
            },
            {
              "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
            },
            {
              "name": "DSA-2578",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2578"
            },
            {
              "name": "rssh-command-line-command-exec(80335)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
            },
            {
              "name": "56708",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56708"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
            },
            {
              "name": "87926",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/87926"
            },
            {
              "name": "20121127 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2012-2252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "51343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51343"
                },
                {
                  "name": "51307",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51307"
                },
                {
                  "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
                },
                {
                  "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
                },
                {
                  "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
                },
                {
                  "name": "DSA-2578",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2578"
                },
                {
                  "name": "rssh-command-line-command-exec(80335)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
                },
                {
                  "name": "56708",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56708"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880177",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
                },
                {
                  "name": "87926",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/87926"
                },
                {
                  "name": "20121127 Re: rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2012-2252",
        "datePublished": "2013-01-11T01:00:00.000Z",
        "dateReserved": "2012-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:09.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3478 (GCVE-0-2012-3478)

    Vulnerability from cvelistv5 – Published: 2012-08-31 18:00 – Updated: 2024-08-06 20:05
    Summary
    rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html mailing-list x_refsource_BUGTRAQ
    http://www.openwall.com/lists/oss-security/2012/11/28/3 mailing-list x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/08/11/3 mailing-list x_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2530 vendor-advisory x_refsource_DEBIAN
    http://secunia.com/advisories/50272 third-party-advisory x_refsource_SECUNIA
    http://www.securityfocus.com/bid/53430 vdb-entry x_refsource_BID
    http://www.openwall.com/lists/oss-security/2012/08/10/7 mailing-list x_refsource_MLIST
    http://sourceforge.net/mailarchive/message.php?msg_id=29235647 mailing-list x_refsource_MLIST
    http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html mailing-list x_refsource_BUGTRAQ
    Date Public
    2012-05-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20120508 rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
              },
              {
                "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
              },
              {
                "name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
              },
              {
                "name": "DSA-2530",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2530"
              },
              {
                "name": "50272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50272"
              },
              {
                "name": "53430",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53430"
              },
              {
                "name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
              },
              {
                "name": "[rssh-discuss] 20120508 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
              },
              {
                "name": "20121127 Re: rssh security announcement",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-01-12T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20120508 rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
            },
            {
              "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
            },
            {
              "name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
            },
            {
              "name": "DSA-2530",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2530"
            },
            {
              "name": "50272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50272"
            },
            {
              "name": "53430",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53430"
            },
            {
              "name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
            },
            {
              "name": "[rssh-discuss] 20120508 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
            },
            {
              "name": "20121127 Re: rssh security announcement",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20120508 rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0036.html"
                },
                {
                  "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
                },
                {
                  "name": "[oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/11/3"
                },
                {
                  "name": "DSA-2530",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2530"
                },
                {
                  "name": "50272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50272"
                },
                {
                  "name": "53430",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53430"
                },
                {
                  "name": "[oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/10/7"
                },
                {
                  "name": "[rssh-discuss] 20120508 Re: rssh security announcement",
                  "refsource": "MLIST",
                  "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29235647"
                },
                {
                  "name": "20121127 Re: rssh security announcement",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3478",
        "datePublished": "2012-08-31T18:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1628 (GCVE-0-2004-1628)

    Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
    Summary
    Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.pizzashack.org/rssh/ x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml vendor-advisory, x_refsource_GENTOO
    http://marc.info/?l=bugtraq&m=109855982425122&w=2 mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilities/17831 vdb-entry, x_refsource_XF
    http://secunia.com/advisories/12954 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2004-10-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:00:37.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pizzashack.org/rssh/"
              },
              {
                "name": "GLSA-200410-28",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
              },
              {
                "name": "20041023 rssh: pizzacode security alert",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
              },
              {
                "name": "rssh-format-string(17831)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
              },
              {
                "name": "12954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pizzashack.org/rssh/"
            },
            {
              "name": "GLSA-200410-28",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
            },
            {
              "name": "20041023 rssh: pizzacode security alert",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
            },
            {
              "name": "rssh-format-string(17831)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
            },
            {
              "name": "12954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12954"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pizzashack.org/rssh/",
                  "refsource": "CONFIRM",
                  "url": "http://www.pizzashack.org/rssh/"
                },
                {
                  "name": "GLSA-200410-28",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml"
                },
                {
                  "name": "20041023 rssh: pizzacode security alert",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109855982425122\u0026w=2"
                },
                {
                  "name": "rssh-format-string(17831)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17831"
                },
                {
                  "name": "12954",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12954"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1628",
        "datePublished": "2005-02-20T05:00:00.000Z",
        "dateReserved": "2005-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:00:37.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }