oss-sec mailing list archives

Re: rssh: incorrect filtering of command line options

From: Yves-Alexis Perez <corsac () debian org>
Date: Wed, 28 Nov 2012 07:17:29 +0100

On mar., 2012-11-27 at 17:40 -0600, Derek Martin wrote:

On Wed, Nov 28, 2012 at 12:21:03AM +0100, Yves-Alexis Perez wrote:

CVE-2012-2251
    Incorrect filtering of command line when using rsync protocol. It was
    for example possible to pass dangerous options after a "--" switch. The rsync
    protocol support has been added in a Debian (and Fedora/Red Hat) specific
    patch, so this vulnerability doesn't affect upstream.

CVE-2012-2251


I believe this one was meant to be CVE-2012-2252...


Yes, sorry for that, I reformated the advisory at the last minute and
did a wrong copy/paste…

    Incorrect filtering of the "--rsh" option: the filter preventing usage of the
    "--rsh=" option would not prevent passing "--rsh". This vulnerability affects
    upstream code.


I've uploaded rssh-2.3.4 to the project's web page, as well as to
sourceforge.  This update includes the fix for CVE-2012-2252, and also
rolls up a fix for CVE-2012-3478, for which I had previously only
posted a patch.  Additionally there are some mostly trivial updates
for code and build clean-up.

Thank you for your time and help on this, it was a pleasure working with
you.

Regards,
-- 
Yves-Alexis Perez
 Debian Security

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- Re: rssh: incorrect filtering of command line options Derek Martin (Nov 27)
  - Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)