CVE-2019-3464

Summary

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

Affected Software

VendorProductVersion RangeStatus
Debian GNU/LinuxrsshAll versions before 2.3.4-5+deb9u2 and 2.3.4-10affected

Weaknesses

  • Incomplete sanitization of environment variable

ADP Enrichment

CVE Program Container

Additional References

References