CVE-2019-3463

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0000%

EPSS Percentile13.10th

PublishedFeb 6, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

= 18.10

References & Advisories

🔗 http://seclists.org/fulldisclosure/2021/May/78

🔗 http://www.securityfocus.com/bid/106839

🔗 https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/

🔗 https://security.gentoo.org/glsa/202007-29

🔗 https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/

Vulnerability Description

Affected Platforms (CPE)

Rssh

Debian Linux

Debian Linux

Fedora

Fedora

Fedora

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

References & Advisories

Related Vulnerabilities