[Secure-testing-team] rssh: incorrect filtering of command line options
Derek Martin
code at pizzashack.org
Tue Nov 27 23:40:47 UTC 2012
On Wed, Nov 28, 2012 at 12:21:03AM +0100, Yves-Alexis Perez wrote:
> CVE-2012-2251
> Incorrect filtering of command line when using rsync protocol. It was
> for example possible to pass dangerous options after a "--" switch. The rsync
> protocol support has been added in a Debian (and Fedora/Red Hat) specific
> patch, so this vulnerability doesn't affect upstream.
>
> CVE-2012-2251
I believe this one was meant to be CVE-2012-2252...
> Incorrect filtering of the "--rsh" option: the filter preventing usage of the
> "--rsh=" option would not prevent passing "--rsh". This vulnerability affects
> upstream code.
I've uploaded rssh-2.3.4 to the project's web page, as well as to
sourceforge. This update includes the fix for CVE-2012-2252, and also
rolls up a fix for CVE-2012-3478, for which I had previously only
posted a patch. Additionally there are some mostly trivial updates
for code and build clean-up.
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20121127/f884f864/attachment.pgp>
More information about the Secure-testing-team
mailing list