Title: Debian GNU/Linux Rssh Security Bypass Vulnerability
Severity: MODERATE
Description:
The rssh package is a remote shell that restricts users to running scp or sftp. It is available for UNIX and Linux operating systems. The rssh program allows utilities such as scp, rsync, sftp-server, and cvs to run on a remote computer. A user can transfer files to and from a remote computer without having complete shell access.
A programming error in the 'util.c' file of the rssh package in Debian GNU/Linux allows rdist and rsync to bypass security. This issue is caused by missing curly braces to make a block in 'util.c'. As a result, rdist and rsync can bypass security controls in 'rssh.conf'.
This vulnerability can also be used to pass -e options to CVS. The error allows cvs to run directly; the security mechanisms normally controlling -e options will be circumvented.
This vulnerability may facilitate privilege escalation, because the error allows rssh's check for CVS to always succeed. An attacker could use this vulnerability to their advantage and bypass existing security limitations and access controls.
Affected Products:
- Debian rssh 2.3.0-1
References:
- Debian: Debian Bug report logs - #346322
- Debian: Debian Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
