Описание
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
A vulnerability was found in rsh. The vulnerability occurs due to bypass restrictions via the filename of [.] or an empty filename. This flaw allows an attacker to modify the permissions of the target directory on the client-side.
Отчет
Red Hat Enterprise Linux 6 and 7 were affected but Out of Support Scope. https://access.redhat.com/support/policy/updates/errata/
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | rsh | Out of support scope | ||
| Red Hat Enterprise Linux 7 | rsh | Out of support scope |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
Уязвимость компонента rcp.c программы удаленного выполнения NetKit-rsh, позволяющая нарушителю оказать воздействие на целостность данных
5.9 Medium
CVSS3