William F. Mccaw

**Name of the Vulnerable Software and Affected Versions** rssh versions 2.0 through 2.1.x **Description** The issue allows remote authenticated users to determine the existence of files in a directory outside the jail by expanding command line arguments before entering a chroot jail. **Recommendations** For versions 2.0 through 2.1.x, consider restricting access to sensitive directories until a patch is available. As a temporary workaround, limit the ability of remote authenticated users to execute commands that could exploit this issue.