Bug 820178

Summary: rssh: Possibility to circumvent rssh via clever manipulation environment variables on the ssh command line
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: metherid, xavier
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-10 07:14:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2012-05-09 10:53:07 UTC 
Derek D. Martin of rssh upstream announced the following security flaw being present in recent rssh version:
[1] http://sourceforge.net/mailarchive/message.php?msg_id=29235647
[2] http://www.securityfocus.com/archive/1/522644/30/0/threaded

As of right now, there is further information available.
Comment 2 Tomas Hoger 2012-05-10 07:14:43 UTC 

*** This bug has been marked as a duplicate of bug 820414 ***