CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25017
https://notcve.org/view.php?id=CVE-2019-25017
02 Feb 2021 — An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate... • https://bugzilla.suse.com/show_bug.cgi?id=1131109 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25018
https://notcve.org/view.php?id=CVE-2019-25018
02 Feb 2021 — In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. En el cliente rcp en MI... • https://bugzilla.suse.com/show_bug.cgi?id=1131109 •
CVSS: 10.0EPSS: 96%CPEs: 21EXPL: 8CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
25 Dec 2011 — Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v... • https://packetstorm.news/files/id/180955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 1%CPEs: 16EXPL: 0CVE-2011-1526 – krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)
https://notcve.org/view.php?id=CVE-2011-1526
11 Jul 2011 — ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. ftpd.c en el demonio GSS-API FTP en MIT Kerberos Version 5 Applications (también conocido como krb5-appl) v1.0.1 y anteriores no comprueban el v... • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html • CWE-269: Improper Privilege Management •