CVE-2019-3463

Summary

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

Affected Software

VendorProductVersion RangeStatus
Debian GNU/LinuxrsshAll versions before 2.3.4-5+deb9u2 and 2.3.4-10affected

Weaknesses

  • Incomplete sanitization of passed arguments

ADP Enrichment

CVE Program Container

Additional References

References