Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-7283

Опубликовано: 31 янв. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.8
CVSS3: 7.4

Описание

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

needed

esm-apps/focal

not-affected

0.17-21
esm-apps/jammy

not-affected

0.17-21
esm-apps/xenial

needed

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]

Показывать по

Ссылки на источники

EPSS

Процентиль: 48%
0.0025
Низкий

5.8 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-7283

CVSS3: 7.4
redhat
около 7 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

nvd логотип

CVE-2019-7283

CVSS3: 7.4
nvd
около 7 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

debian логотип

CVE-2019-7283

CVSS3: 7.4
debian
около 7 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...

github логотип

GHSA-2jpr-cg8h-wpp2

CVSS3: 7.4
github
больше 3 лет назад

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

fstec логотип

BDU:2022-05872

CVSS3: 7.4
fstec
около 7 лет назад

Уязвимость программы удаленного выполнения NetKit-rsh, связанная с недостатками разграничения доступа, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

EPSS

Процентиль: 48%
0.0025
Низкий

5.8 Medium

CVSS2

7.4 High

CVSS3