4.4

CVE-2012-2252

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PizzashackRssh Version <= 2.3.3
PizzashackRssh Version2.0.0
PizzashackRssh Version2.0.1
PizzashackRssh Version2.0.2
PizzashackRssh Version2.0.3
PizzashackRssh Version2.0.4
PizzashackRssh Version2.1.0
PizzashackRssh Version2.1.1
PizzashackRssh Version2.2.1
PizzashackRssh Version2.2.2
PizzashackRssh Version2.2.3
PizzashackRssh Version2.3.0
PizzashackRssh Version2.3.1
PizzashackRssh Version2.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.282
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html
http://www.openwall.com/lists/oss-security/2012/11/28/3
http://secunia.com/advisories/51307
Vendor Advisory
http://www.debian.org/security/2012/dsa-2578
http://www.openwall.com/lists/oss-security/2012/11/27/15
http://www.securityfocus.com/bid/56708
http://osvdb.org/87926
http://secunia.com/advisories/51343
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/28/2
https://bugzilla.redhat.com/show_bug.cgi?id=880177
https://exchange.xforce.ibmcloud.com/vulnerabilities/80335