oss-sec mailing list archives

Re: rssh: incorrect filtering of command line options

From: Yves-Alexis Perez <corsac () debian org>
Date: Wed, 28 Nov 2012 00:42:45 +0100

On mer., 2012-11-28 at 00:21 +0100, Yves-Alexis Perez wrote:

CVE-2012-2251
        Incorrect filtering of the "--rsh" option: the filter preventing usage of the
        "--rsh=" option would not prevent passing "--rsh". This vulnerability affects
        upstream code.

This is indeed CVE-2012-2252, sorry for that.

Regards,
-- 
Yves-Alexis Perez
 Debian Security

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- Re: rssh: incorrect filtering of command line options Derek Martin (Nov 27)
  - Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)