Ubuntu Security Notice USN-5327-1
March 15, 2022

netkit-rsh vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS


rsh would allow unintended modification of target directory permissions.

Software Description:
- netkit-rsh: client programs for remote shell connections


Hiroyuki Yamamori discovered that rsh incorrectly handled certain
filenames. If a user or automated system were tricked into connecting to a
malicious rsh server, a remote attacker could possibly use this issue to
modify directory permissions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
rsh-client 0.17-17ubuntu0.1
rsh-server 0.17-17ubuntu0.1

In general, a standard system update will make all the necessary changes.


Package Information: