Mageia 8: Remote Rsh Access Control Vulnerability (MGASA-2021-0525)

mageia
November 25, 2021
Updated rsh packages for Mageia 8 fix two flaws in the NetKit rcp client that let a remote rsh server bypass intended access restrictions.

Summary

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of "." or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. (CVE-2019-7282)
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. (CVE-2019-7283).
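
The name checks an rcp client needs on each server-supplied control record, as an added example (not the NetKit or Mageia patch). The record layout with the newline already stripped, and the names check_record, requested and the RCP_* values, are assumptions of this example; it also rejects ".." and "/" in addition to the "." and empty names described above.

```c
#include <string.h>

/* Outcome of checking one control record received from the remote side. */
enum rcp_check { RCP_OK = 0, RCP_MALFORMED, RCP_BAD_NAME, RCP_UNREQUESTED };

/* Last path component of the remote path the user asked for. */
static const char *base_name(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Skip a non-empty run of `digits` plus one space; NULL if absent. */
static const char *skip_field(const char *p, const char *digits)
{
    size_t n = strspn(p, digits);
    return (n > 0 && p[n] == ' ') ? p + n + 1 : NULL;
}

/*
 * Validate "C<mode> <size> <name>" (file) or "D<mode> <size> <name>"
 * (directory), newline already stripped (assumption). `requested` is the
 * remote path the user named; pass NULL inside a recursive copy, where
 * the server legitimately names child entries.
 */
enum rcp_check check_record(const char *rec, const char *requested)
{
    const char *name;

    if (rec[0] != 'C' && rec[0] != 'D')
        return RCP_MALFORMED;
    name = skip_field(rec + 1, "01234567");        /* octal mode */
    if (name != NULL)
        name = skip_field(name, "0123456789");     /* decimal size */
    if (name == NULL)
        return RCP_MALFORMED;

    /* CVE-2019-7282 class: empty name, ".", "..", or a path separator. */
    if (*name == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return RCP_BAD_NAME;
    /* CVE-2019-7283 class: the server named an object nobody asked for. */
    if (requested != NULL && strcmp(name, base_name(requested)) != 0)
        return RCP_UNREQUESTED;
    return RCP_OK;
}
```

A client would abort the transfer on any result other than RCP_OK before creating, opening or changing the mode of anything locally.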

References

- https://bugs.mageia.org/show_bug.cgi?id=29675

- https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html

- https://www.cve.org/CVERecord?id=CVE-2019-7282

- https://www.cve.org/CVERecord?id=CVE-2019-7283

Resolution

SRPMS

- 8/core/rsh-0.17-36.1.mga8

Severity
important

Publication date: 25 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0525.html
Type: security
CVE: CVE-2019-7282, CVE-2019-7283
