FreeBSD : rssh -- file name disclosure bug (a4815970-c5cc-11d8-8898-000d6111a684)

Medium Nessus Plugin ID 36857


The remote FreeBSD host is missing a security-related update.


rssh expands command line parameters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains :

The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior to entering the chroot jail. This bug DOES NOT allow a user to access any of the files outside the jail, but can allow them to discover what files are in a directory which is outside the jail, if their credentials on the server would normally allow them read/execute access in the specified directory.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 36857

File Name: freebsd_pkg_a4815970c5cc11d88898000d6111a684.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2009/04/23

Modified: 2015/08/24

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rssh, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/09/21

Vulnerability Publication Date: 2004/06/19

Reference Information

CVE: CVE-2004-0609

BID: 10574

OSVDB: 7239