Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Apr 16, 2026

CVE-2004-1161

Description

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Affected products

Rssh/Rssh5 versions
cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:rssh:rssh:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:rssh:rssh:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rssh:rssh:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:rssh:rssh:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rssh:rssh:2.2.2:*:*:*:*:*:*:*
Gentoo/Linux
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gentoo.org/security/en/glsa/glsa-200412-01.xmlnvdPatchVendor Advisory
www.securityfocus.com/bid/11792nvdExploitVendor Advisory
marc.infonvd
marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000