Vulnerabilities > CVE-2005-3345 - Local Privilege Escalation vulnerability in RSSH RSSH_CHROOT_HELPER
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200512-15.NASL description The remote host is affected by the vulnerability described in GLSA-200512-15 (rssh: Privilege escalation) Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories. Impact : A local attacker could exploit this vulnerability to gain root privileges by chrooting into arbitrary directories. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20356 published 2005-12-30 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20356 title GLSA-200512-15 : rssh: Privilege escalation NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E34D0C2E9EFB11DAB410000E0C2E438A.NASL description Pizzashack reports : Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed (and rssh_chroot_helper is installed SUID) to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentially mitigating factors, but to be safe you should upgrade immediately. last seen 2020-06-01 modified 2020-06-02 plugin id 21525 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21525 title FreeBSD : rssh -- privilege escalation vulnerability (e34d0c2e-9efb-11da-b410-000e0c2e438a)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424
- http://secunia.com/advisories/18224
- http://secunia.com/advisories/18237
- http://securityreason.com/securityalert/308
- http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml
- http://www.pizzashack.org/rssh/security.shtml
- http://www.securityfocus.com/bid/16050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23854