ByteOS Network

CVE Vulnerability Details :

CVE-2019-3464

PUBLISHED

More Info Official Page

Assigner-debian

Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5

Published At-06 Feb, 2019 | 19:00

Updated At-17 Sep, 2024 | 04:29

▼CVE Numbering Authority (CNA)

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

Affected Products

Vendor

Debian GNU/Linux

Product

rssh

Versions

Affected

All versions before 2.3.4-5+deb9u2 and 2.3.4-10

Problem Types

Type	CWE ID	Description
text	N/A	Incomplete sanitization of environment variable

Type: text

CWE ID: N/A

Description: Incomplete sanitization of environment variable

References

Hyperlink	Resource
https://www.debian.org/security/2019/dsa-4382	vendor-advisory x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html	mailing-list x_refsource_MLIST
http://www.securityfocus.com/bid/106839	vdb-entry x_refsource_BID
https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/	x_refsource_MISC
https://usn.ubuntu.com/3946-1/	vendor-advisory x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/	vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/	vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/	vendor-advisory x_refsource_FEDORA
https://security.gentoo.org/glsa/202007-29	vendor-advisory x_refsource_GENTOO
http://seclists.org/fulldisclosure/2021/May/78	mailing-list x_refsource_FULLDISC

Hyperlink: https://www.debian.org/security/2019/dsa-4382

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.securityfocus.com/bid/106839

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/

Resource:

x_refsource_MISC

Hyperlink: https://usn.ubuntu.com/3946-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://security.gentoo.org/glsa/202007-29

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://seclists.org/fulldisclosure/2021/May/78

Resource:

mailing-list

x_refsource_FULLDISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.debian.org/security/2019/dsa-4382	vendor-advisory x_refsource_DEBIAN x_transferred
https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html	mailing-list x_refsource_MLIST x_transferred
http://www.securityfocus.com/bid/106839	vdb-entry x_refsource_BID x_transferred
https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/	x_refsource_MISC x_transferred
https://usn.ubuntu.com/3946-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/	vendor-advisory x_refsource_FEDORA x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/	vendor-advisory x_refsource_FEDORA x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/	vendor-advisory x_refsource_FEDORA x_transferred
https://security.gentoo.org/glsa/202007-29	vendor-advisory x_refsource_GENTOO x_transferred
http://seclists.org/fulldisclosure/2021/May/78	mailing-list x_refsource_FULLDISC x_transferred

Hyperlink: https://www.debian.org/security/2019/dsa-4382

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.securityfocus.com/bid/106839

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://usn.ubuntu.com/3946-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://security.gentoo.org/glsa/202007-29

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2021/May/78

Resource:

mailing-list

x_refsource_FULLDISC

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References