rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2021/May/78 | Mailing List Not Applicable Third Party Advisory |
https://esnet-security.github.io/vulnerabilities/20190115_rssh | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/ | |
https://security.gentoo.org/glsa/202007-29 | Third Party Advisory |
https://usn.ubuntu.com/3946-1/ | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4377 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 May 2021, 19:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* |
|
References | (GENTOO) https://security.gentoo.org/glsa/202007-29 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/ - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/May/78 - Mailing List, Not Applicable, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/ - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3946-1/ - Third Party Advisory |
27 May 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-02-04 21:29
Updated : 2023-12-10 12:44
NVD link : CVE-2019-1000018
Mitre link : CVE-2019-1000018
CVE.ORG link : CVE-2019-1000018
JSON object : View
Products Affected
canonical
- ubuntu_linux
pizzashack
- rssh
fedoraproject
- fedora
debian
- debian_linux
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')