Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 115082 - app-shells/rssh possible local root vulnerability (v-s) (CVE-2005-3345)
Summary: app-shells/rssh possible local root vulnerability (v-s) (CVE-2005-3345)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Depends on:
Reported: 2005-12-10 05:20 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-12-27 07:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

rssh.patch (rssh.patch,65.88 KB, patch)
2005-12-14 10:11 UTC, Thierry Carrez (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-10 05:20:12 UTC
Upstream is working on an updated version.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-12-14 10:11:23 UTC
Created attachment 74740 [details, diff]

Full new version patch, from Derek D. Martin (upstream)
We might not need the full thing.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-12-14 10:13:07 UTC
vapier: please extract useful patch and prepare an ebuild (attached here until
embargo release date, set to Dec. 19).
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-12-17 03:05:31 UTC
Two days left, would be good to have something up for testing soon :)
Comment 4 SpanKY gentoo-dev 2005-12-18 20:37:10 UTC
is upstream going to release a new version ?  be much saner to use that than try to rip out a patch i think
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-18 22:32:47 UTC
I think upstream is going to release a new version, but the patch used is attached to this bug.
Comment 6 SpanKY gentoo-dev 2005-12-19 16:56:27 UTC
looks like upstream has made a 2.3.0 release but all the media is broken
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-12-23 02:25:02 UTC
2.3.0 officially released, maybe the media are correct now...
Comment 8 SpanKY gentoo-dev 2005-12-23 20:18:27 UTC

2.3.0 now in portage
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-23 23:40:26 UTC
ok, seems like all needed arches are already stable, ready for glsa
Comment 10 SpanKY gentoo-dev 2005-12-23 23:42:23 UTC
hmm, not on purpose though ... best to have them review ;)
Comment 11 Mark Loeser (RETIRED) gentoo-dev 2005-12-24 11:57:51 UTC
Looks alright on x86
Comment 12 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-25 04:30:21 UTC
Looks good on ppc.
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-26 04:41:43 UTC
sparc looks fine too.
Comment 14 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-26 05:27:51 UTC
ready for glsa
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-27 07:46:47 UTC
GLSA 200512-15
Thanks to everybody who helped.