Debian Security Advisory
DSA-2578-1 rssh -- insufficient filtering of rsync command line
- Date Reported:
- 28 Nov 2012
- Affected Packages:
- rssh
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-2251, CVE-2012-2252.
- More information:
-
James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp, sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVE were assigned:
- CVE-2012-2251
Incorrect filtering of command line when using rsync protocol. It was for example possible to pass dangerous options after a
--
switch. The rsync protocol support has been added in a Debian (and Fedora/Red Hat) specific patch, so this vulnerability doesn't affect upstream. - CVE-2012-2252
Incorrect filtering of the
--rsh
option: the filter preventing usage of the--rsh=
option would not prevent passing--rsh
. This vulnerability affects upstream code.
For the stable distribution (squeeze), this problem has been fixed in version 2.3.2-13squeeze3.
For the testing distribution (wheezy), this problem has been fixed in version 2.3.3-6.
For the unstable distribution (sid), this problem has been fixed in version 2.3.3-6.
We recommend that you upgrade your rssh packages.
- CVE-2012-2251