FreeBSD : rssh -- arbitrary command execution (65b25acc-e63b-11e1-b81c-001b77d09812)
Low Nessus Plugin ID 61617
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionDerek Martin (rssh maintainer) reports :
Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is the one you're attempting to protect with rssh...
SolutionUpdate the affected package.