[PATCH] Add 2010, 2012 Security notices to SECURITY
Brought to you by:
xystrus
Menu
▾
▴
[PATCH] Add 2010, 2012 Security notices to SECURITY
|
From: Spenser T. <tr...@eq...> - 2021-01-17 06:30:23
|
From website http://pizzashack.org/rssh/security.shtml --- SECURITY | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/SECURITY b/SECURITY index 98c1e43..aede2e8 100644 --- a/SECURITY +++ b/SECURITY @@ -8,0 +9,13 @@ have affected rssh since I started developing it. +Nov 27, 2012 +A couple of issues have been discovered with command line parsing and validation, which allow rssh to be bypassed. + + CVE-2012-3478: Improper filtering of environment variables + CVE-2012-2252: Improper filtering of rsync command line + +August 1, 2010 +Almost 5 years without a legitimate security issue reported. + +John Barber reported a problem where, if the system administrator misconfigures rssh by providing two few access bits in the configuration file, the user will be given default permissions (scp) to the entire system, potentially circumventing any configured chroot. Fixing this required a behavior change: In the past, using rssh without a config file would give all users default access to use scp on an unchrooted system. In order to correct the reported bug, this feature has been eliminated, and you must now have a valid configuration file. If no config file exists, all users will be locked out. + +Maarten van der Schrieck noticed a bug where, under conditions which are too far-fetched to describe, the rssh_chroot_helper could crash due to calling fgets with a null pointer. This can not occur with a normal, proper installation of rssh. The code path that causes this can only be reached if the system administrator deliberately installs rssh improperly, and the hoops through which one must jump to get it to occur are substantial, so the security impact here is basically nil. But it is a legitimate bug, so I fixed it nonetheless. + @@ -115 +128 @@ The 2.2.0 release of rssh fixed the problem in question, but was -mistakenly released missing some code for parsing per-user options. +mistakenly released missing some code for parsing per-user options. @@ -198 +210,0 @@ with chroot jails. - -- 2.30.0 -- 7E7B 2078 A241 3205 F469 3B21 0AD4 8D58 F9FB DDC6 Spenser Truex https://equwal.com |