6 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039689 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. • https://bugs.debian.org/920486 https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. En NetKit hasta la versión 0.17, rcp.c en el cliente rcp permite que los servidores rsh omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. • https://bugs.debian.org/920486 https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU33YVEDGFDMAZPSRQTRVKSKG4FAX7QB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSEX3TKX2DBUKG4A7VJFDLSMZIBJQZ3G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA24VQJATZWYV42JG2PQUW7IHIZS7UKP https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. ftpd en Linux Netkit (linux-ftpd) 0.17, y posiblemente otras versiones, no comprueba el estado que retornan ciertas llamadas a seteuid, setgid, y setuid, lo cual permite a usuarios remotos autenticados obtener privilegios si esas llamadas fallan en casos como fallos PAM o limitación de recursos, una vulnerabilidad diferente que CVE-2006-5778. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454 http://bugs.gentoo.org/show_bug.cgi?id=150292 http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz http://secunia.com/advisories/22816 http://secunia.com/advisories/22853 http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554. telnetd de netkit 0.17 y anteriores y posiblemente otras versiones, en Debian GNU/Linux, permite a atacantes remotos causar una denegación de servicio (liberación de puntero no válido), una vulnerabilidad distinta de CVE-2001-0554. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=273694 http://www.debian.org/security/2004/dsa-556 http://www.securityfocus.com/archive/1/375743 https://exchange.xforce.ibmcloud.com/vulnerabilities/17540 •