FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rssh -- format string vulnerability

Affected packages
rssh <= 2.2.1

Details

VuXML ID 1f826757-26be-11d9-ad2d-0050fc56d258
Discovery 2004-10-23
Entry 2004-10-25

There is a format string bug in rssh that enables an attacker to execute arbitrary code from an account configured to use rssh. On FreeBSD it is only possible to compromise the rssh running account, not root.

References

Message 20041023084829.GA16819@sophic.org
URL http://www.pizzashack.org/rssh/security.shtml