rssh allows an attacker to obtain information outside of jail
| rssh-jail-obtain-info (16470) |  Medium Risk |
Description:
rssh could allow a local attacker to obtain sensitive information. An attacker, with an account that restricts them into a jail, could issue a command for a specific directory outside of the jail to determine what files are in the specified directory.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest version of rssh (2.2.1 or later), available from the rssh Web page. See References.
References:
- BugTraq Mailing List, Sat Jun 19 2004 - 02:41:41 CDT: Security flaw in rssh.
- rssh Web page: rssh - restricted shell for scp/sftp.
- BID-10574: RSSH Information Disclosure Vulnerability
- CVE-2004-0609: rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail.
Platforms Affected:
- OpenBSD OpenSSH
- pizzashack rssh 2.0 - 2.1.1
Reported:
Jun 22, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net