Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.3.4-4+deb8u2build0.14.04.1", "binary_name": "rssh" }, { "binary_version": "2.3.4-4+deb8u2build0.14.04.1", "binary_name": "rssh-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.3.4-4+deb8u2build0.16.04.1", "binary_name": "rssh" }, { "binary_version": "2.3.4-4+deb8u2build0.16.04.1", "binary_name": "rssh-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.3.4-7ubuntu0.1", "binary_name": "rssh" }, { "binary_version": "2.3.4-7ubuntu0.1", "binary_name": "rssh-dbgsym" } ] }