rssh: Access restriction bypass
Gentoo Linux Security Advisory
Advisory reference: GLSA 201311-19 / rssh
Release date: November 28, 2013
Latest revision: November 28, 2013: 1
Affected architectures: All supported architectures

Multiple vulnerabilities have been found in rssh, allowing local
attackers to bypass access restrictions.

rssh is a restricted shell, allowing only a few commands like scp or
sftp. It is often used as a complement to OpenSSH to provide limited
access to users.

Multiple command line parsing and validation vulnerabilities have been
discovered in rssh. Please review the CVE identifiers referenced below

Multiple parsing and validation vulnerabilities can cause the
restrictions set up by rssh to be bypassed.

There is no known workaround at this time.

All rssh users should upgrade to the latest version:

Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/rssh-2.3.4"
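
To confirm whether a host still needs the upgrade above, and which accounts rely on rssh for their restrictions, the following check can be run. It is an added example, not part of the Gentoo advisory; the function names are hypothetical, and it assumes the Portage package database lives under /var/db/pkg and that GNU `sort -V` is available.

```shell
#!/bin/sh
# Triage a Gentoo host for GLSA 201311-19 (rssh older than 2.3.4).
# Assumes the Portage VDB layout under /var/db/pkg and GNU sort (-V).
FIXED="2.3.4"  # first unaffected version, from the advisory's resolution

# Extract the upstream version from a package atom, dropping any Gentoo
# revision suffix: app-shells/rssh-2.3.3-r1 -> 2.3.3
rssh_atom_version() {
    printf '%s\n' "$1" | sed -e 's|^.*/rssh-||' -e 's|-r[0-9][0-9]*$||'
}

# Return 0 when version $1 sorts before $FIXED, 1 otherwise.
rssh_is_vulnerable() {
    [ "$1" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print the accounts in passwd file $1 whose login shell is rssh,
# whatever directory it is installed in.
rssh_accounts() {
    awk -F: '$7 ~ /(^|\/)rssh$/ { print $1 }' "$1"
}

# Report the installed rssh version found in VDB $1 and, if it is affected,
# the accounts in passwd file $2 whose restrictions depend on it.
rssh_triage() {
    vdb=$1; passwd=$2; found=0
    for d in "$vdb"/app-shells/rssh-[0-9]*; do
        [ -d "$d" ] || continue
        found=1
        v=$(rssh_atom_version "app-shells/${d##*/}")
        if rssh_is_vulnerable "$v"; then
            echo "rssh $v is older than $FIXED: upgrade required"
            echo "accounts restricted by rssh:"
            rssh_accounts "$passwd" | sed 's/^/  /'
        else
            echo "rssh $v is not affected"
        fi
    done
    [ "$found" -eq 1 ] || echo "app-shells/rssh is not installed"
}

rssh_triage /var/db/pkg /etc/passwd
```

Since the advisory lists no workaround, the accounts reported on an affected host are the ones whose restrictions should not be relied on until the upgrade is applied.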