MGASA-2021-0196 - Updated krb5-appl packages fix security vulnerabilities
Publication date: 23 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0196.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2019-25017,
CVE-2019-25018
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp
implementation being derived from 1983 rcp, the server chooses which
files/directories are sent to the client. However, the rcp client only
performs cursory validation of the object name returned (only directory
traversal attacks are prevented). A malicious rcp server (or
Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client
target directory. If recursive operation (-r) is performed, the server can
manipulate subdirectories as well (for example, to overwrite the
.ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and
CVE-2019-7283 (CVE-2019-25017).
In the rcp client in MIT krb5-appl through 1.0.3 malicious servers could
bypass intended access restrictions via the filename of . or an empty
filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying
the permissions of the target directory on the client side (CVE-2019-25018).
References:
- https://bugs.mageia.org/show_bug.cgi?id=28460
- https://lists.suse.com/pipermail/sle-security-updates/2021-February/008353.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25018
SRPMS:
- 8/core/krb5-appl-1.0.3-13.1.mga8
- 7/core/krb5-appl-1.0.3-10.2.mga7
Mageia 2021-0196: krb5-appl security update
An issue was discovered in rcp in MIT krb5-appl through 1.0.3
Summary
CVE: CVE-2019-25017,
CVE-2019-25018
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp
implementation being derived from 1983 rcp, the server chooses which
files/directories are sent to the client. However, the rcp client only
performs cursory validation of the object name returned (only directory
traversal attacks are prevented). A malicious rcp server (or
Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client
target directory. If recursive operation (-r) is performed, the server can
manipulate subdirectories as well (for example, to overwrite the
.ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and
CVE-2019-7283 (CVE-2019-25017).
In the rcp client in MIT krb5-appl through 1.0.3 malicious servers could
bypass intended access restrictions via the filename of . or an empty
filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying
the permissions of the target directory on the client side (CVE-2019-25018).
Resolution
MGASA-2021-0196 - Updated krb5-appl packages fix security vulnerabilities
References
- https://bugs.mageia.org/show_bug.cgi?id=28460
- https://lists.suse.com/pipermail/sle-security-updates/2021-February/008353.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25018
Severity
Issued Date: 23 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0196.html
Type: security
Affected Mageia releases: 7, 8
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
