MidnightBSD

Advisories for pizzashack

CVE-2004-1628 HIGH

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134

Products Affected

Vendor Product Version
pizzashack rssh *

CVE-2019-1000018 MEDIUM

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the allowscp permission that can result in local command execution. This attack appears to be exploitable by an authorized SSH user with the allowscp permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77

Products Affected

Vendor Product Version
fedoraproject fedora 29
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 30
debian debian_linux 8.0
fedoraproject fedora 31
canonical ubuntu_linux 18.10
canonical ubuntu_linux 16.04
debian debian_linux 9.0
pizzashack rssh 2.3.4

CVE-2019-3463 HIGH

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-88

Products Affected

Vendor Product Version
fedoraproject fedora 29
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 30
debian debian_linux 8.0
fedoraproject fedora 31
canonical ubuntu_linux 18.10
canonical ubuntu_linux 16.04
debian debian_linux 9.0
pizzashack rssh 2.3.4

CVE-2019-3464 HIGH

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-665

Products Affected

Vendor Product Version
fedoraproject fedora 29
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 30
debian debian_linux 8.0
fedoraproject fedora 31
canonical ubuntu_linux 18.10
canonical ubuntu_linux 16.04
debian debian_linux 9.0
pizzashack rssh 2.3.4