Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-7283

Опубликовано: 31 янв. 2019
Источник: redhat
CVSS3: 7.4
EPSS Низкий

Описание

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

A vulnerability was found in rsh. The vulnerability occurs due to a possible overwrite of arbitrary files by a malicious rsh server. This flaw allows an attacker or a malicious rsh server (or a Man-in-The-Middle attacker) to overwrite arbitrary files in a directory on the rcp client machine.

Отчет

Red Hat Enterprise Linux 6 and 7 were affected but Out of Support Scope. https://access.redhat.com/support/policy/updates/errata/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6rshOut of support scope
Red Hat Enterprise Linux 7rshOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2070875netkit-rsh: possible overwrite of arbitrary files by a malicious rsh server

EPSS

Процентиль: 48%
0.0025
Низкий

7.4 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-7283

CVSS3: 7.4
ubuntu
около 7 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

nvd логотип

CVE-2019-7283

CVSS3: 7.4
nvd
около 7 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

debian логотип

CVE-2019-7283

CVSS3: 7.4
debian
около 7 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...

github логотип

GHSA-2jpr-cg8h-wpp2

CVSS3: 7.4
github
больше 3 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

fstec логотип

BDU:2022-05872

CVSS3: 7.4
fstec
около 7 лет назад

Уязвимость программы удаленного выполнения NetKit-rsh, связанная с недостатками разграничения доступа, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 48%
0.0025
Низкий

7.4 High

CVSS3