Описание
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.17-17ubuntu0.1 |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 0.17-17ubuntu0.1 |
| esm-apps/focal | not-affected | 0.17-21 |
| esm-apps/jammy | not-affected | 0.17-21 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
Уязвимость компонента rcp.c программы удаленного выполнения NetKit-rsh, позволяющая нарушителю оказать воздействие на целостность данных
4.3 Medium
CVSS2
5.9 Medium
CVSS3