FreeBSD Local Security Checks : FreeBSD Ports: rssh

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52284

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: rssh

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

rssh, scponly

CVE-2004-1161:
The installed version of rssh does not properly
restrict programs that can be run, which could
allow remote authenticated users to bypass intended
access restrictions and execute arbitrary programs
via (1) rdist -P, (2) rsync, or (3) scp -S.

CVE-2004-1162:
The unison command in scponly before 4.0 does not
properly restrict programs that can be run, which
could allow remote authenticated users to bypass
intended access restrictions and execute arbitrary
programs via the (1) -rshcmd or (2) -sshcmd flags.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1161
BugTraq ID: 11792
http://www.securityfocus.com/bid/11792
Bugtraq: 20041202 rssh and scponly arbitrary command execution (Google Search)
http://marc.info/?l=bugtraq&m=110202047507273&w=2
Bugtraq: 20050115 Re: rssh and scponly arbitrary command execution (Google Search)
http://marc.info/?l=bugtraq&m=110581113814623&w=2
http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml
Common Vulnerability Exposure (CVE) ID: CVE-2004-1162
BugTraq ID: 11791
http://www.securityfocus.com/bid/11791
XForce ISS Database: scponly-commandline-command-execution(18362)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18362

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52284
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: rssh
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: rssh, scponly CVE-2004-1161: The installed version of rssh does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. CVE-2004-1162: The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1161 BugTraq ID: 11792 http://www.securityfocus.com/bid/11792 Bugtraq: 20041202 rssh and scponly arbitrary command execution (Google Search) http://marc.info/?l=bugtraq&m=110202047507273&w=2 Bugtraq: 20050115 Re: rssh and scponly arbitrary command execution (Google Search) http://marc.info/?l=bugtraq&m=110581113814623&w=2 http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml Common Vulnerability Exposure (CVE) ID: CVE-2004-1162 BugTraq ID: 11791 http://www.securityfocus.com/bid/11791 XForce ISS Database: scponly-commandline-command-execution(18362) https://exchange.xforce.ibmcloud.com/vulnerabilities/18362
Copyright	Copyright (C) 2008 E-Soft Inc.