FreeBSD : rssh -- file name disclosure bug (a4815970-c5cc-11d8-8898-000d6111a684)

medium Nessus Plugin ID 36857

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

rssh expands command-line parameters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains:

The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior to entering the chroot jail. This bug DOES NOT allow a user to access any of the files outside the jail, but can allow them to discover what files are in a directory which is outside the jail, if their credentials on the server would normally allow them read/execute access in the specified directory.

Solution

Update the affected package.

See Also

https://marc.info/?l=bugtraq&m=108787373022844

http://www.nessus.org/u?ee791bcf

Plugin Details

Severity: Medium

ID: 36857

File Name: freebsd_pkg_a4815970c5cc11d88898000d6111a684.nasl

Version: 1.18

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rssh, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2004

Vulnerability Publication Date: 6/19/2004

Reference Information

CVE: CVE-2004-0609

BID: 10574