Описание
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Not Applicable
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Not Applicable
Уязвимые конфигурации
Одно из
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
Уязвимость компонента rcp.c программы удаленного выполнения NetKit-rsh, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2