Описание
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-3464
- https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557
- https://security.gentoo.org/glsa/202007-29
- https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable
- https://usn.ubuntu.com/3946-1
- https://www.debian.org/security/2019/dsa-4382
- http://seclists.org/fulldisclosure/2021/May/78
- http://www.securityfocus.com/bid/106839
Связанные уязвимости
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Insufficient sanitization of environment variables passed to rsync can ...
Уязвимость обработчика команды rsync командной оболочки rssh, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольную команду