Security vulnerability in the rssh software package

==========================================================================
Ubuntu Security Notice USN-3946-1
April 11, 2019

rssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

rssh could be made to run arbitrary commands if it received specially crafted
input.

Software Description:
- rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist

Details:

It was discovered that rssh incorrectly handled certain command-line arguments
and environment variables. An authenticated user could bypass rssh’s command
restrictions, allowing an attacker to run arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
rssh 2.3.4-8ubuntu0.2

Ubuntu 18.04 LTS:
rssh 2.3.4-7ubuntu0.1

Ubuntu 16.04 LTS:
rssh 2.3.4-4+deb8u2ubuntu0.16.04.2

Ubuntu 14.04 LTS:
rssh 2.3.4-4+deb8u2ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.
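
To confirm that a host is actually on a fixed build, the installed rssh version can be compared with the versions listed above. The script below is an added example, not part of the Ubuntu notice; the function names `rssh_fixed_version` and `rssh_status` and the `--local` switch are illustrative, and it assumes `dpkg`, `dpkg-query` and `lsb_release` are available on the host.

```sh
#!/bin/sh
# Added example (not part of USN-3946-1): classify an rssh package version
# against the fixed versions listed in the advisory.

# Fixed version per Ubuntu release, copied from the "Update instructions" list.
rssh_fixed_version() {
    case "$1" in
        18.10) echo "2.3.4-8ubuntu0.2" ;;
        18.04) echo "2.3.4-7ubuntu0.1" ;;
        16.04) echo "2.3.4-4+deb8u2ubuntu0.16.04.2" ;;
        14.04) echo "2.3.4-4+deb8u2ubuntu0.14.04.2" ;;
        *)     return 1 ;;   # release not covered by this notice
    esac
}

# rssh_status RELEASE INSTALLED_VERSION
# Prints one of: not-installed | unknown-release | patched | vulnerable
rssh_status() {
    if [ -z "$2" ]; then
        echo "not-installed"
    elif ! rssh_fixed_version "$1" >/dev/null; then
        echo "unknown-release"
    # dpkg applies Debian version ordering; plain string comparison is not
    # reliable for versions such as 2.3.4-4+deb8u2ubuntu0.16.04.2.
    elif dpkg --compare-versions "$2" ge "$(rssh_fixed_version "$1")"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the local host only when called with --local.
if [ "${1:-}" = "--local" ]; then
    release="$(lsb_release -rs)"
    # Empty output means the package is not installed.
    installed="$(dpkg-query -W -f='${Version}' rssh 2>/dev/null || true)"
    echo "rssh on Ubuntu ${release}: $(rssh_status "$release" "$installed")"
fi
```

A result of `unknown-release` only means the release is not among the four listed in this notice, not that the host is unaffected.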

References:
https://usn.ubuntu.com/usn/usn-3946-1
CVE-2019-1000018, CVE-2019-3463, CVE-2019-3464

Package Information:
https://launchpad.net/ubuntu/+source/rssh/2.3.4-8ubuntu0.2
https://launchpad.net/ubuntu/+source/rssh/2.3.4-7ubuntu0.1
https://launchpad.net/ubuntu/+source/rssh/2.3.4-4+deb8u2ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/rssh/2.3.4-4+deb8u2ubuntu0.14.04.2
