Description
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jason Wies · textremotelinux
https://www.exploit-db.com/exploits/24795
References (4)
Core 4
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11792
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110581113814623&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110202047507273&w=2
Scores
EPSS
0.0473
EPSS Percentile
89.5%
Details
Status
published
Products (6)
gentoo/linux
rssh/rssh
2.0
rssh/rssh
2.1
rssh/rssh
2.2
rssh/rssh
2.2.1
rssh/rssh
2.2.2
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026