CVE-2004-1161

rssh <= 2.2.2 - Authenticated Arbitrary Program Execution via rdist, rsync, or scp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1161. PoCs published by Jason Wies.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in rssh by abusing the -e option in rsync and scp commands to execute arbitrary commands. The PoC demonstrates how an attacker can create files or execute scripts on the target system.

Description

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jason Wies · textremotelinux
https://www.exploit-db.com/exploits/24795

This exploit leverages a command injection vulnerability in rssh by abusing the -e option in rsync and scp commands to execute arbitrary commands. The PoC demonstrates how an attacker can create files or execute scripts on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: rssh (all versions)
Auth required
Prerequisites: Valid SSH credentials for a restricted user · rssh configured on the target system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11792
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110581113814623&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110202047507273&w=2

Scores

EPSS 0.0733
EPSS Percentile 93.6%

Details

Status published
Products (6)
gentoo/linux
rssh/rssh 2.0
rssh/rssh 2.1
rssh/rssh 2.2
rssh/rssh 2.2.1
rssh/rssh 2.2.2
Published Jan 10, 2005
Tracked Since Feb 18, 2026