rssh rssh_chroot_helper command could allow elevated privileges
| rssh-chroot-gain-privileges (23854) |  Medium Risk |
Description:
rssh could allow a local attacker to gain elevated privileges on the system. An attacker could use the rssh_chroot_helper command to chroot into arbitrary restricted directories, and possibly gain root privileges on the system.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of rssh (2.3.0 or later), available from the pizzashack.org Web site. See References.
For Gentoo Linux:
Refer to GLSA 200512-15 for upgrade information See References.
For other distributions:
Contact your vendor for patch or upgrade information.
References:
- pizzashack.org: rssh security implications.
- BID-16050: RSSH RSSH_CHROOT_HELPER Local Privilege Escalation Vulnerability
- CVE-2005-3345: rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
- GLSA-200512-15: rssh: Privilege escalation
- SA18224: rssh "chroot" Directory Privilege Escalation Vulnerability
Platforms Affected:
- Gentoo Linux
- pizzashack rssh prior to 2.3.0
Reported:
Dec 18, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net