Debian GNU/Linux rssh, rsync, and rdist util.c security restriction bypass
| debian-rssh-rsync-rdist-bypass-security (25424) |  Medium Risk |
Description:
rssh version 2.3.0 running on Debian GNU/Linux could allow a local attacker to bypass security restrictions caused by an error in util.c. Util.c does not use bracers to make a block, resulting in a check for CVS to always succeed, which allows rsync and rdist to bypass security checks.
Consequences:
Bypass Security
Remedy:
Upgrade to the latest version of rssh (2.3.2 or later), as listed in Debian Bug report logs - #346322. See References.
For Debian GNU/Linux:
Refer to DSA-1109-1 for patch, upgrade, or suggested workaround information. See References.
References:
- Debian Bug report logs - #346322: rssh runs cvs for rdist and rsync, doesn't check cvs -e.
- rssh Web site: rssh - restricted shell for scp/sftp.
- BID-18999: Debian GNU/Linux Rssh Security Bypass Vulnerability
- CVE-2006-1320: util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
- DSA-1109: rssh -- programming error
Platforms Affected:
- Debian Debian Linux 3.1
- pizzashack rssh 2.3.0
Reported:
Mar 24, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net