ESnet Security
Announcements and other content from the ESnet Security team.
Announcements
RSSH Command Execution Vulnerability (CVE-2019-1000018)
The ESnet Security team is publishing a vulnerability in rssh
. This software is used to restrict SSH access to a system, only allowing a user to scp
files to/from the system. The vulnerability allows such a user to execute arbitrary code as well. For a detailed write-up of how we discovered this issue, see our SANS 2018 Holiday Hack report.
History
Jan 15, 2019: Published RSSH vulnerability.
Jan 14, 2019: Published SANS Holiday Hack report.