PT-2019-6235 · Netkit · Netkit

Published: 2019-01-26 · Updated: 2023-07-15 · CVE-2019-7283

CVSS v2.0: 8.8 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: NetKit versions through 0.17

Description: The issue allows a malicious rsh server or a man-in-the-middle attacker to overwrite arbitrary files in a directory on the rcp client machine, because the rcp client performs only cursory validation of the object name returned by the server. This can lead to data integrity compromise and potentially cause a denial of service.

Recommendations: For NetKit versions through 0.17, as a temporary workaround, consider restricting access to the rcp operation until a patch is available. Additionally, restrict the use of the rsh server to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
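
The description attributes the issue to the client accepting the object name the server returns with only cursory validation. The following is an added illustration of a stricter client-side check for a single-file copy; it is not Netkit code or a published patch. The function names, the constructed sample records and the leading-dot policy are assumptions.

```c
/* Added illustration, not Netkit code. Function names are hypothetical. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Parse an rcp file record "C<mode> <size> <name>\n" sent by the remote side.
   Returns 0 on success, -1 if the record is malformed. */
int parse_c_record(const char *line, unsigned *mode, long long *size,
                   char *name, size_t namesz)
{
    int used = 0;
    if (line[0] != 'C') return -1;
    if (sscanf(line + 1, "%4o %lld %n", mode, size, &used) != 2 || used == 0)
        return -1;
    const char *p = line + 1 + used;
    size_t len = strcspn(p, "\n");
    if (*size < 0 || len == 0 || len >= namesz || p[len] != '\n') return -1;
    memcpy(name, p, len);
    name[len] = '\0';
    return 0;
}

/* Return 1 only if the server-supplied name is a plain file name that matches
   the last component of what the client requested (which may be a glob). */
int name_is_acceptable(const char *requested, const char *name)
{
    const char *base = strrchr(requested, '/');
    base = base ? base + 1 : requested;
    if (name[0] == '\0' || strchr(name, '/')) return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    /* FNM_PERIOD: a wildcard must not match a leading dot (assumed policy). */
    return fnmatch(base, name, FNM_PERIOD) == 0;
}

int main(void)
{
    /* Constructed records: the client asked for "docs/report.txt". */
    const char *records[] = { "C0644 12 report.txt\n", "C0644 40 .bash_aliases\n" };
    for (int i = 0; i < 2; i++) {
        unsigned mode; long long size; char name[256];
        if (parse_c_record(records[i], &mode, &size, name, sizeof name) != 0)
            continue;
        printf("%-14s %s\n", name,
               name_is_acceptable("docs/report.txt", name) ? "accept" : "reject");
    }
    return 0;
}
```

Recursive copies need the same check applied to each directory record as well, which this example does not cover.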

Related Identifiers

BDU:2022-05872
CVE-2019-7283
DLA-2822-1
MGASA-2021-0525

Affected Products

Netkit