How to Buy
This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200412-01
(rssh, scponly: Unrestricted command execution)
Jason Wies discovered that when receiving an authorized command from an
authorized user, rssh and scponly do not filter command-line options
that can be used to execute any command on the target host.
Using a malicious command, it is possible for a remote authenticated
user to execute any command (or upload and execute any file) on the
target machine with user rights, effectively bypassing any restriction
of scponly or rssh.
There is no known workaround at this time.
See also :
All scponly users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/scponly-4.0'
All rssh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-shells/rssh/rssh-2.2.3'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 15903 (gentoo_GLSA-200412-01.nasl)
CVE ID: CVE-2004-1161CVE-2004-1162
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.