Lucene search

K

Veracode Vulnerability DatabaseVERACODE:31030

HistoryJun 23, 2021 - 12:52 a.m.

Arbitrary Command Execution

2021-06-2300:52:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

rssh

vulnerability

command execution

environment variables

rsync

EPSS

0.009

Percentile

83.3%

rssh is vulnerable to arbitrary command execution. An attacker is able to bypass restrictions imposed by rssh due to insufficient sanitization of environment variables that are passed to rsync, resulting in the execution of arbitrary shell commands.

References

seclists.org/fulldisclosure/2021/May/78

www.securityfocus.com/bid/106839

lists.debian.org/debian-lts-announce/2019/02/msg00007.html

lists.fedoraproject.org/archives/list/[email protected]/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/

lists.fedoraproject.org/archives/list/[email protected]/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/

lists.fedoraproject.org/archives/list/[email protected]/message/T42YYNWJZG422GATWAHAEK4A24OKY557/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

security.gentoo.org/glsa/202007-29

tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/

usn.ubuntu.com/3946-1/

www.debian.org/security/2019/dsa-4382

EPSS

0.009

Percentile

83.3%

Related for VERACODE:31030

cve1 alpinelinux1 prion1 ubuntucve1 debiancve1 osv3 cvelist1 nvd1 nessus8 debian2 openvas6 gentoo1 fedora3 amazon1 freebsd1 ubuntu1 packetstorm1 korelogic1 zdt1 ics1