|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200410-28] rssh: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary rssh: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200410-28
(rssh: Format string vulnerability)
Florian Schilhabel from the Gentoo Linux Security Audit Team found a format
string vulnerability in rssh syslogging of failed commands.
Impact
Using a malicious command, it may be possible for a remote authenticated
user to execute arbitrary code on the target machine with user rights,
effectively bypassing any restriction of rssh.
Workaround
There is no known workaround at this time.
References:
http://www.pizzashack.org/rssh/security.shtml
Solution:
All rssh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/rssh-2.2.2"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|