[TOOL] Rssh - Restricted Shell for OpenSSH
From: SecuriTeam (support_at_securiteam.com)
Date: 10/24/04
- Previous message: SecuriTeam: "[EXPL] Ability Server FTP STOR Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 24 Oct 2004 17:06:28 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Rssh - Restricted Shell for OpenSSH
------------------------------------------------------------------------
SUMMARY
DETAILS
<http://www.pizzashack.org/rssh/> rssh is a restricted shell for use with
<http://www.openssh.com/> OpenSSH, allowing only scp and/or sftp. For
example, if you have a server which you only want to allow users to copy
files off of via scp, without providing shell access, you can use rssh to
do that.
Though rssh is written to work with OpenSSH, it will probably work with
other implementations of SSH. Also, rssh is written and tested on Linux
systems, but should compile cleanly and work on any POSIX.2-compliant
system. It is verified to work on the following platforms:
* A wide variety of Linux distributions, on IA32 and IA64 hardware
* Compaq Tru64 Unix
* Solaris 2.x - 8 (under certain conditions -- see the security link)
* AIX 5.1
* HP/UX 11.00 (PA-RISC)
* HP/UX 11.22 (IA64)
* Irix 6.5
Currently, it does not work on (at least most of) the *BSDs, nor on OS X.
They lack the wordexp() function, which rssh uses for command line
argument expansion. Until they have such a function (which is defined by
POSIX.2), rssh will not work with the BSDs out of the box.
Download Information:
To obtain the tool see the
<http://www.pizzashack.org/rssh/downloads.shtml> Download page.
ADDITIONAL INFORMATION
To keep updated with the tool visit the project's homepage at:
<http://www.pizzashack.org/rssh/> http://www.pizzashack.org/rssh/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[EXPL] Ability Server FTP STOR Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Rssh and Scponly Arbitrary Command Execution
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... are designed to allow execution
only of certain preset programs. ... command execution on the remote host is possible.
... rssh allows any of five predefined programs to be executed on the remote ...
(Securiteam) - [UNIX] Rssh Root Privileges Escalation
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Rssh Root Privileges Escalation
... Rssh with SUID chroot allows attackers to gain root accesses and become ...
(Securiteam) - [EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The following exploit code utilizes
a vulnerability in phpBB to cause ... This bulletin is sent to members of the SecuriTeam
mailing list. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [EXPL] TinyWeb Server DoS Exploit
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages. ... (Securiteam) - [EXPL] 3Com FTP Server Buffer Overflow (CD)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... overflow in its parsing
of the 'CD' command. ... The information in this bulletin is provided "AS IS" without warranty
of any kind. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam)
