Debian: 2578-1: rssh: insufficient filtering of r
Nov29
on November 29, 2012
at 3:08 pm
Posted In: Uncategorized
(Nov 27) James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVE were assigned: [More…]
Comment