PT-2019-6255 · Netkit+1 · Netkit+1

Hiroyuki Yamamori

Published

2019-01-26

Updated

2022-04-22

CVE-2019-7282

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions NetKit versions through 0.17

Description The issue is related to insufficient access restrictions in the rcp.c component of the NetKit-rsh program. It allows a remote attacker to impact data integrity by using an empty filename or a filename of '.'. This can lead to modifying the permissions of the target directory on the client side.

Recommendations For NetKit versions through 0.17, as a temporary workaround, consider restricting the use of the rcp client until a patch is available. Avoid using filenames that could be exploited, such as '.' or empty filenames, in the rcp client.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2022-05963

CVE-2019-7282

DLA-2822-1

MGASA-2021-0525

USN-5327-1

Affected Products

Netkit

Ubuntu

PT-2019-6255 · Netkit+1 · Netkit+1

CVE-2019-7282

Weakness Enumeration

Related Identifiers

Affected Products

References · 27