正文

rssh 输入验证错误漏洞

admin
admin V管理员 /0 评论 /11 阅读
0222
此篇文章发布距今已超过1168天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

rssh 输入验证错误漏洞

  • CNNVD编号:CNNVD-201902-129
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2019-3463
  • 漏洞类型: 输入验证错误
  • 发布时间: 2019-02-02
  • 威胁类型: 远程
  • 更新时间: 2021-05-28
  • 厂        商:
  • 漏洞来源: Nick Cleaton

漏洞简介

rssh是一款使用在Linux中的Shell。该产品能够为特定用户提供通过scp和sftp登陆某系统的权限。

rssh中存在安全漏洞,该漏洞源于程序没有充分地过滤传递到rsync的参数。攻击者可利用该漏洞绕过限制,执行任意的shell命令。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:

https://sourceforge.net/projects/rssh/

参考网址

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/T42YYNWJZG422GATWAHAEK4A24OKY557/

来源:BID

链接:http://www.securityfocus.com/bid/106839

来源:GENTOO

链接:https://security.gentoo.org/glsa/202007-29

来源:BID

链接:https://www.securityfocus.com/bid/106839

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/

来源:www.debian.org

链接:https://www.debian.org/security/2019/dsa-4382Third Party Advisory

来源:tracker.debian.org

链接:https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/Third Party Advisory

来源:lists.debian.org

链接:https://lists.debian.org/debian-lts-announce/2019/02/msg00007.htmlMailing ListThird Party Advisory

来源:www.securityfocus.com

链接:http://www.securityfocus.com/bid/106839Third Party AdvisoryVDB Entry

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/

来源:UBUNTU

链接:https://usn.ubuntu.com/3946-1/

来源:FULLDISC

链接:http://seclists.org/fulldisclosure/2021/May/78

来源:www.ubuntu.com

链接:http://www.ubuntu.com/usn/usn-3946-1

来源:security-tracker.debian.org

链接:https://security-tracker.debian.org/tracker/DLA-1660-1

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/78926

来源:www.us-cert.gov

链接:https://www.us-cert.gov/ics/advisories/icsma-19-311-02

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4211/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-3463

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/75134

来源:www.securityfocus.com

链接:http://www.securityfocus.com/bid/106839

受影响实体

    暂无


补丁

    暂无