blob: 4613e4d32e6cf90953e935127fe749469eb932c3 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200512-15">
<title>rssh: Privilege escalation</title>
Local users could gain root privileges by chrooting into arbitrary
<product type="ebuild">rssh</product>
<announced>December 27, 2005</announced>
<revised>December 27, 2005: 01</revised>
<package name="app-shells/rssh" auto="yes" arch="*">
<unaffected range="ge">2.3.0</unaffected>
<vulnerable range="lt">2.3.0</vulnerable>
rssh is a restricted shell, allowing only a few commands like scp
or sftp. It is often used as a complement to OpenSSH to provide limited
access to users.
Max Vozeler discovered that the rssh_chroot_helper command allows
local users to chroot into arbitrary directories.
<impact type="high">
A local attacker could exploit this vulnerability to gain root
privileges by chrooting into arbitrary directories.
There is no known workaround at this time.
All rssh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-shells/rssh-2.3.0&quot;</code>
<uri link="">CVE-2005-3345</uri>
<uri link="">rssh security announcement</uri>
<metadata tag="requester" timestamp="Fri, 23 Dec 2005 10:25:35 +0000">
<metadata tag="submitter" timestamp="Sun, 25 Dec 2005 13:06:13 +0000">
<metadata tag="bugReady" timestamp="Mon, 26 Dec 2005 13:28:20 +0000">