FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rssh -- arbitrary command execution

Affected packages
rssh < 2.3.4

Details

VuXML ID 65b25acc-e63b-11e1-b81c-001b77d09812
Discovery 2012-05-08
Entry 2012-08-22

Derek Martin (rssh maintainer) reports:

Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is the one you're attempting to protect with rssh...

References

Bugtraq ID 53430
CVE Name CVE-2012-3478
URL http://sourceforge.net/mailarchive/message.php?msg_id=29235647