A rssh security update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: rssh, scponly: Unrestricted command execution
Date: December 03, 2004
Bugs: #72815, #72816
ID: 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
Background
=========
rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/scponly < 4.0 >= 4.0
2 app-shells/rssh
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: rssh, scponly: Unrestricted command execution
Date: December 03, 2004
Bugs: #72815, #72816
ID: 200412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
Background
=========
rssh and scponly are two restricted shells, allowing only a few predefined commands. They are often used as a complement to OpenSSH to provide access to remote users without providing any remote execution privileges.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/scponly < 4.0 >= 4.0
2 app-shells/rssh
