Debian Security Advisory
DSA-2530-1 rssh -- shell command injection
- Date Reported:
- 15 Aug 2012
- Affected Packages:
- rssh
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-3478.
- More information:
-
Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
For the stable distribution (squeeze), this problem has been fixed in version 2.3.2-13squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.3.3-5.
We recommend that you upgrade your rssh packages.