Description
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.
References
- Exploit, Issue Tracking, Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Mitigation, Not Applicable, Third Party Advisory
Vulnerable configurations
EPSS
CVSS3: 7.4 High
CVSS2: 5.8 Medium
Weaknesses
Related vulnerabilities
A vulnerability in the NetKit-rsh remote execution program, caused by access control flaws, that allows an attacker to compromise data integrity and cause a denial of service.