CVE-2004-1161

Published: Jan 10, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Affected (6)

Products: Rssh: Rssh · Gentoo: Linux

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Rssh Rssh	Version 2.0
Rssh Rssh	Version 2.1
Rssh Rssh	Version 2.2.1
Rssh Rssh	Version 2.2.2
Rssh Rssh	Version 2.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	All versions

References (8)

http://marc.info/?l=bugtraq&m=110202047507273&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110581113814623&w=2

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/11792

Source: cve@mitre.org

ExploitVendor Advisory

http://marc.info/?l=bugtraq&m=110202047507273&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110581113814623&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200412-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/11792

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.