search for: vozeler

...able location. * PLEASE NOTE * This problem was fixed in 2.3.0, but there is another small bug (not security-related) in that version which prompted me to release 2.3.1 today. I will announce that separately in appropriate channels. Please upgrade to the 2.3.1 release, not the 2.3.0 release. Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), the...