CVE-2019-1000018

NameCVE-2019-1000018
Descriptionrssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1650-1, DSA-4377-1
NVD severitymedium (attack range: local)
Debian Bugs919623

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rssh (PTS)jessie2.3.4-4vulnerable
jessie (security)2.3.4-4+deb8u3fixed
stretch (security), stretch2.3.4-5+deb9u3fixed
buster2.3.4-10fixed
sid2.3.4-12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rsshsource(unstable)2.3.4-9medium919623
rsshsourcejessie2.3.4-4+deb8u1mediumDLA-1650-1
rsshsourcestretch2.3.4-5+deb9u1mediumDSA-4377-1

Notes

https://sourceforge.net/p/rssh/mailman/message/36519118/
Search for package or bug name: Reporting problems