Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200410-28] rssh: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary
rssh: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200410-28
(rssh: Format string vulnerability)
Florian Schilhabel from the Gentoo Linux Security Audit Team found a format
string vulnerability in rssh syslogging of failed commands.
Using a malicious command, it may be possible for a remote authenticated
user to execute arbitrary code on the target machine with user rights,
effectively bypassing any restriction of rssh.
There is no known workaround at this time.
All rssh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/rssh-2.2.2"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.