Nessus Plugin #15903
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200412-01] rssh, scponly: Unrestricted command execution
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2004 Michel Arboi
- Summary:
- rssh, scponly: Unrestricted command execution
- Version:
- $Revision: 1.2 $
- Cve_id:
- -
- Bugtraq_id:
- 11791, 11792
- Xrefs:
- GLSA:200412-01
- Description:
- The remote host is affected by the vulnerability described in GLSA-200412-01
(rssh, scponly: Unrestricted command execution)
Jason Wies discovered that when receiving an authorized command
from an authorized user, rssh and scponly do not filter command-line
options that can be used to execute any command on the target host.
Impact
Using a malicious command, it is possible for a remote
authenticated user to execute any command (or upload and execute any
file) on the target machine with user rights, effectively bypassing any
restriction of scponly or rssh.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/archive/1/383046/2004-11-30/2004-12-06/0
Solution:
All scponly users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/scponly-4.0"
Currently, there is no released version of rssh that contains a
fix for these issues. The author declared that he cannot provide a
fixed version at this time. Therefore, the rssh package has been
hard-masked prior to complete removal from Portage, and current users
are advised to unmerge the package.
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.