Debian Security Advisory
DSA-2578-1 rssh -- insufficient filtering of rsync command line
- Date Reported:
- 28 Nov 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-2251, CVE-2012-2252.
- More information:
James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp, sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVE were assigned:
Incorrect filtering of command line when using rsync protocol. It was for example possible to pass dangerous options after a
--switch. The rsync protocol support has been added in a Debian (and Fedora/Red Hat) specific patch, so this vulnerability doesn't affect upstream.
Incorrect filtering of the
--rshoption: the filter preventing usage of the
--rsh=option would not prevent passing
--rsh. This vulnerability affects upstream code.
For the stable distribution (squeeze), this problem has been fixed in version 2.3.2-13squeeze3.
For the testing distribution (wheezy), this problem has been fixed in version 2.3.3-6.
For the unstable distribution (sid), this problem has been fixed in version 2.3.3-6.
We recommend that you upgrade your rssh packages.