PT-2019-6255 · Netkit+1 · Netkit+1

Hiroyuki Yamamori

Publicado

2019-01-26

Atualizado

2022-04-22

CVE-2019-7282

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions NetKit versions through 0.17

Description The issue is related to insufficient access restrictions in the rcp.c component of the NetKit-rsh program. It allows a remote attacker to impact data integrity by using an empty filename or a filename of '.'. This can lead to modifying the permissions of the target directory on the client side.

Recommendations For NetKit versions through 0.17, as a temporary workaround, consider restricting the use of the rcp client until a patch is available. Avoid using filenames that could be exploited, such as '.' or empty filenames, in the rcp client.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2022-05963

CVE-2019-7282

DLA-2822-1

MGASA-2021-0525

USN-5327-1

Produtos afetados

Netkit

Ubuntu

PT-2019-6255 · Netkit+1 · Netkit+1

CVE-2019-7282

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27