rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
Exploitability
AV:LAC:LAu:NImpact
C:CI:CA:C7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C