[Secure-testing-team] rssh: incorrect filtering of command line options
Yves-Alexis Perez
corsac at debian.org
Wed Nov 28 06:17:29 UTC 2012
On mar., 2012-11-27 at 17:40 -0600, Derek Martin wrote:
> On Wed, Nov 28, 2012 at 12:21:03AM +0100, Yves-Alexis Perez wrote:
> > CVE-2012-2251
> > Incorrect filtering of command line when using rsync protocol. It was
> > for example possible to pass dangerous options after a "--" switch. The rsync
> > protocol support has been added in a Debian (and Fedora/Red Hat) specific
> > patch, so this vulnerability doesn't affect upstream.
> >
> > CVE-2012-2251
>
> I believe this one was meant to be CVE-2012-2252...
Yes, sorry for that, I reformated the advisory at the last minute and
did a wrong copy/paste…
>
> > Incorrect filtering of the "--rsh" option: the filter preventing usage of the
> > "--rsh=" option would not prevent passing "--rsh". This vulnerability affects
> > upstream code.
>
> I've uploaded rssh-2.3.4 to the project's web page, as well as to
> sourceforge. This update includes the fix for CVE-2012-2252, and also
> rolls up a fix for CVE-2012-3478, for which I had previously only
> posted a patch. Additionally there are some mostly trivial updates
> for code and build clean-up.
>
Thank you for your time and help on this, it was a pleasure working with
you.
Regards,
--
Yves-Alexis Perez
Debian Security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20121128/5b5160cd/attachment.pgp>
More information about the Secure-testing-team
mailing list