CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1161

HIGH
7.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile12.01th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Affected Platforms (CPE)

πŸ“¦
Rssh

Rssh

= 2.0
πŸ“¦
Rssh

Rssh

= 2.1
πŸ“¦
Rssh

Rssh

= 2.2
πŸ“¦
Rssh

Rssh

= 2.2.1
πŸ“¦
Rssh

Rssh

= 2.2.2
πŸ’»
Gentoo

Linux

All versions

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110202047507273&w=2
πŸ”— http://marc.info/?l=bugtraq&m=110581113814623&w=2
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
πŸ”— http://www.securityfocus.com/bid/11792
πŸ”— http://marc.info/?l=bugtraq&m=110202047507273&w=2
πŸ”— http://marc.info/?l=bugtraq&m=110581113814623&w=2
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
πŸ”— http://www.securityfocus.com/bid/11792

Related Vulnerabilities

CVE-2019-34639.8

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should...

CVE-2019-34649.8

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell...

CVE-2004-16289.0

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.

CVE-2019-10000187.8

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerab...