| Summary: | <net-misc/netkit-rsh-0.17-r12: Access restrictions bypass (CVE-2019-{7282,7283}) |
|---|---|
| Product: | Gentoo Security |
| Component: | Vulnerabilities |
| Status: | RESOLVED FIXED |
| Severity: | minor |
| Priority: | Normal |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Assignee: | Gentoo Security <security> |
| CC: | ajak, hlein, proxy-maint |
| Keywords: | PullRequest |
| URL: | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920486 |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=741456 https://github.com/gentoo/gentoo/pull/21380 |
| Whiteboard: | B4 [glsa? cve] |
| Package list: | |
| Runtime testing required: | --- |
| Bug Depends on: | 810664 |
| Bug Blocks: | |
| Attachments: | |

Description
GLSAMaker/CVETool Bot
2020-04-17 04:36:44 UTC
CVE-2019-7283 (https://nvd.nist.gov/vuln/detail/CVE-2019-7283):

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

Ping. Looks like there's patch(es) available?

Created attachment 716940
Patch that needs adding to netkit-rsh-0.17-patches-3.tar.lzma.

I created an update in my local repository as net-misc/netkit-rsh-0.17-r12, added the
attached patch to netkit-rsh-0.17-patches-4.tar.lzma and tested OK.
I use netkit-rsh to do backups across my local network. rsh is quicker than ssh and greener.
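
An added example, not part of this bug report, the Debian patch or the netkit code: the CVE description above says the rcp client checks server-supplied object names only cursorily. The C code below shows one way a receiving client can check each top-level `C`/`D` control record, requiring a single path component that matches what the user asked for; the function and enum names are hypothetical and the sample record is constructed.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum rec_status { REC_OK, REC_MALFORMED, REC_BAD_NAME, REC_NOT_REQUESTED };

/* A server-supplied name must be one path component: not empty, not "."
 * or "..", and free of '/'. */
static int single_component(const char *name)
{
    return *name != '\0' && strchr(name, '/') == NULL &&
           strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Check one top-level control record, "C<mode> <size> <name>\n" (file) or
 * "D<mode> <size> <name>\n" (directory), against the last component of the
 * path the user requested (may hold shell wildcards). rec is modified in
 * place; on REC_OK, *name points at the accepted name inside it. */
enum rec_status check_record(char *rec, const char *requested, char **name)
{
    char *p = rec + 1, *end;
    if (rec[0] != 'C' && rec[0] != 'D')
        return REC_MALFORMED;
    for (int i = 0; i < 4; i++, p++)        /* four octal mode digits */
        if (*p < '0' || *p > '7')
            return REC_MALFORMED;
    if (*p++ != ' ' || *p < '0' || *p > '9')
        return REC_MALFORMED;
    (void)strtoul(p, &end, 10);             /* size field */
    if (*end != ' ')
        return REC_MALFORMED;
    p = end + 1;
    p[strcspn(p, "\n")] = '\0';             /* cut the trailing newline */
    if (!single_component(p))
        return REC_BAD_NAME;
    /* The server picks the names, so accept only what was asked for. */
    if (fnmatch(requested, p, FNM_PERIOD) != 0)
        return REC_NOT_REQUESTED;
    *name = p;
    return REC_OK;
}

int main(void)
{
    char rec[] = "C0600 40 .bashrc\n";      /* constructed sample record */
    char *name = NULL;
    printf("%d\n", check_record(rec, "notes.txt", &name));
}
```
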

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=231787a2484df850fe2299a25ef3e715c00c0358

commit 231787a2484df850fe2299a25ef3e715c00c0358
Author: Hank Leininger <hlein@korelogic.com>
AuthorDate: 2021-06-22 23:14:40 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-25 00:31:15 +0000

net-misc/netkit-rsh: security fix, add myself as p-m

This updates one of our existing patches with Debian's fix for CVE-2019-7282 and CVE-2019-7283.

Minor other cleanups.

Signed-off-by: Hank Leininger <hlein@korelogic.com>
Bug: https://bugs.gentoo.org/717794
Closes: https://bugs.gentoo.org/710960
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Sam James <sam@gentoo.org>

.../netkit-rsh/files/patches/000_all_sectty.patch | 32 +++
.../netkit-rsh/files/patches/010_all_rexec.patch | 55 +++++
.../netkit-rsh/files/patches/020_all_stdarg.patch | 43 ++++
.../netkit-rsh/files/patches/030_all_jbj.patch | 33 +++
.../netkit-rsh/files/patches/040_all_jbj4.patch | 14 ++
.../netkit-rsh/files/patches/050_all_prompt.patch | 37 +++
.../files/patches/060_all_rlogin-rsh.patch | 10 +
.../netkit-rsh/files/patches/070_all_nokrb.patch | 231 +++++++++++++++++++
.../netkit-rsh/files/patches/080_all_jbj5.patch | 29 +++
.../files/patches/090_all_userandhost.patch | 70 ++++++
.../netkit-rsh/files/patches/100_all_strip.patch | 66 ++++++
.../netkit-rsh/files/patches/110_all_lfs.patch | 25 ++
.../netkit-rsh/files/patches/120_all_chdir.patch | 57 +++++
.../files/patches/130_all_pam-nologin.patch | 14 ++
.../files/patches/140_all_nohostcheck.patch | 134 +++++++++++
.../files/patches/150_all_rexec-netrc.patch | 251 +++++++++++++++++++++
.../files/patches/160_all_pam-sess.patch | 12 +
.../netkit-rsh/files/patches/170_all_errno.patch | 51 +++++
.../files/patches/180_all_rexec-sig.patch | 17 ++
.../netkit-rsh/files/patches/190_all_nohost.patch | 63 ++++++
.../netkit-rsh/files/patches/200_all_ignchld.patch | 22 ++
.../files/patches/210_all_checkdir-r1.patch | 23 ++
.../netkit-rsh/files/patches/220_all_fbsd.patch | 222 ++++++++++++++++++
.../netkit-rsh/files/patches/230_all_MAX_ARG.patch | 96 ++++++++
net-misc/netkit-rsh/metadata.xml | 9 +-
net-misc/netkit-rsh/netkit-rsh-0.17-r12.ebuild | 78 +++++++
26 files changed, 1693 insertions(+), 1 deletion(-)

Unable to check for sanity:
> no match for package: net-misc/netkit-rsh-0.17-r12

Let's go ahead with stabilisation now.

commit 27d615c67745d0569e92a7fe38acf8c8e378441e
Author: Sam James <sam@gentoo.org>
Date: Wed Jun 30 19:38:58 2021 +0100

net-misc/netkit-rsh: add missing libcrypt dependency

Signed-off-by: Sam James <sam@gentoo.org>

rename net-misc/netkit-rsh/{netkit-rsh-0.17-r11.ebuild => netkit-rsh-0.17-r13.ebuild} (97%)
rename net-misc/netkit-rsh/{netkit-rsh-0.17-r12.ebuild => netkit-rsh-0.17-r14.ebuild} (98%)

So, seems like we should be stabilizing r14?

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aaf273e56574bdea935812a6971cb837e4a4955d

commit aaf273e56574bdea935812a6971cb837e4a4955d
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 20:26:29 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 20:36:45 +0000

net-misc/netkit-rsh: drop 0.17-r13

Bug: https://bugs.gentoo.org/717794
Signed-off-by: John Helmert III <ajak@gentoo.org>

net-misc/netkit-rsh/Manifest | 1 -
net-misc/netkit-rsh/files/rexec.pamd-pambase | 6 --
net-misc/netkit-rsh/files/rexec.xinetd | 12 ----
net-misc/netkit-rsh/files/rlogin.pamd-pambase | 9 ---
net-misc/netkit-rsh/files/rlogin.xinetd | 12 ----
net-misc/netkit-rsh/files/rsh.pamd-pambase | 11 ----
net-misc/netkit-rsh/files/rsh.xinetd | 12 ----
net-misc/netkit-rsh/netkit-rsh-0.17-r13.ebuild | 78 --------------------------
8 files changed, 141 deletions(-)

Can this security bug be closed please? The fix for this security bug was merged almost 1.5 years ago and the vulnerable version was removed over a year ago.

If a GLSA is needed, please let me know if I can help. I would think it'd be overkill/irrelevant at this point but I'm fine with whatever.

Indeed, impact is low and much time has passed so no GLSA. All done.