Описание
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.3.4-7ubuntu0.1 |
| cosmic | released | 2.3.4-8ubuntu0.2 |
| devel | DNE | |
| esm-apps/bionic | released | 2.3.4-7ubuntu0.1 |
| esm-apps/xenial | released | 2.3.4-4+deb8u2ubuntu0.16.04.2 |
| esm-infra-legacy/trusty | released | 2.3.4-4+deb8u2ubuntu0.14.04.2 |
| precise/esm | DNE | |
| trusty | released | 2.3.4-4+deb8u2ubuntu0.14.04.2 |
| trusty/esm | released | 2.3.4-4+deb8u2ubuntu0.14.04.2 |
| upstream | released | 2.3.4-10 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Insufficient sanitization of environment variables passed to rsync can ...
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Уязвимость обработчика команды rsync командной оболочки rssh, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольную команду
7.5 High
CVSS2
9.8 Critical
CVSS3