rsshFlaw.txt
rssh, the small shell whose purpose is to restrict users to using scp or sftp, has a bug that allows a user to gather information outside of a chrooted jail unintentionally. Affected versions are 2.0...
View ArticlersshFormat.txt
rssh versions below 2.2.2 suffer from a format string vulnerability that may allow for privilege escalation.
View Articlerssh230.txt
Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and...
View ArticleRSSH Circumvention
Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh.
View ArticleRSSH 2.3.4 Released
RSSH version 2.3.4 was released to address an environment variable manipulation vulnerability and an improper filtering of the rsync command line.
View Article