CyberSec.Space Logo
返回 CVE 浏览器

CVE-2004-1161

HIGH
7.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile12.01th
Published2005年1月10日
Last Modified2026年4月16日

Vulnerability Description

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Affected Platforms (CPE)

📦
Rssh

Rssh

= 2.0
📦
Rssh

Rssh

= 2.1
📦
Rssh

Rssh

= 2.2
📦
Rssh

Rssh

= 2.2.1
📦
Rssh

Rssh

= 2.2.2
💻
Gentoo

Linux

All versions

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110202047507273&w=2
🔗 http://marc.info/?l=bugtraq&m=110581113814623&w=2
🔗 http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
🔗 http://www.securityfocus.com/bid/11792
🔗 http://marc.info/?l=bugtraq&m=110202047507273&w=2
🔗 http://marc.info/?l=bugtraq&m=110581113814623&w=2
🔗 http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
🔗 http://www.securityfocus.com/bid/11792

相关漏洞威胁

CVE-2019-34639.8

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should...

CVE-2019-34649.8

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell...

CVE-2004-16289.0

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.

CVE-2019-10000187.8

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerab...