Name | CVE-2019-1000018 |
Description | rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
References | DLA-1650-1, DSA-4377-1 |
NVD severity | medium (attack range: local) |
Debian Bugs | 919623 |
The table below lists information on source packages.
The information below is based on the following data on fixed versions.