Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 717794 (CVE-2019-7282, CVE-2019-7283) - net-misc/netkit-rsh: Access restrictions bypass (CVE-2019-{7282,7283})
Summary: net-misc/netkit-rsh: Access restrictions bypass (CVE-2019-{7282,7283})
Status: IN_PROGRESS
Alias: CVE-2019-7282, CVE-2019-7283
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugs.debian.org/cgi-bin/bugre...
Whiteboard: B4 [upstream/ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-17 04:36 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-25 18:56 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 04:36:44 UTC
CVE-2019-7282 (https://nvd.nist.gov/vuln/detail/CVE-2019-7282):
  In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to
  bypass intended access restrictions via the filename of . or an empty
  filename. The impact is modifying the permissions of the target directory on
  the client side. This is similar to CVE-2018-20685.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 04:38:27 UTC
CVE-2019-7283 (https://nvd.nist.gov/vuln/detail/CVE-2019-7283):
  An issue was discovered in rcp in NetKit through 0.17. For an rcp operation,
  the server chooses which files/directories are sent to the client. However,
  the rcp client only performs cursory validation of the object name returned.
  A malicious rsh server (or Man-in-The-Middle attacker) can overwrite
  arbitrary files in a directory on the rcp client machine. This is similar to
  CVE-2019-6111.
Comment 2 John Helmert III (ajak) 2020-07-25 18:56:40 UTC
Ping. Looks like there's patch(es) available?