9 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039689 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. • https://bugs.debian.org/920486 https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. En NetKit hasta la versión 0.17, rcp.c en el cliente rcp permite que los servidores rsh omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. • https://bugs.debian.org/920486 https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DU33YVEDGFDMAZPSRQTRVKSKG4FAX7QB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSEX3TKX2DBUKG4A7VJFDLSMZIBJQZ3G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NA24VQJATZWYV42JG2PQUW7IHIZS7UKP https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263. Una vulnerabilidad de doble liberación en la función getreply en el archivo ftp.c en netkit ftp (netkit-ftp) versión 0.17 20040614 y posteriores, permite que los servidores FTP remotos causar una denegación de servicio (bloqueo de aplicación) y posiblemente tener otro impacto no especificado por medio de algunos tipos de comportamiento del protocolo FTP. NOTA: el problema netkit-ftpd está cubierto por CVE-2007-6263. • http://bugs.gentoo.org/show_bug.cgi?id=199206 http://cvs.fedora.redhat.com/viewcvs/rpms/ftp/F-8/netkit-ftp-0.17-sigseg.patch?view=auto http://marc.info/?l=full-disclosure&m=119704348003382&w=2 http://www.securityfocus.com/bid/26764 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1

The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769. La función dataconn en ftpd.c de netkit ftpd (netkit-ftpd) 0.17, al introducir ciertas modificaciones para el soporte SSL, llama a la función fclose sobre un flujo de fichero no inicializado, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) y posiblemente tener algún otro impacto desconocido mediante ciertos comportamientos de FTP sobre SSL, como ha sido demostrado rompiendo una conexión pasiva FTP DATA de forma que provoca un error en la función SSL_accept del servidor. NOTA: el asunto de netkit ftp está cubierto en CVE-2007-5769. • http://bugs.gentoo.org/show_bug.cgi?id=199206 http://marc.info/?l=full-disclosure&m=119704348003382&w=2 http://osvdb.org/41191 http://secunia.com/advisories/28697 http://www.gentoo.org/security/en/glsa/glsa-200801-17.xml http://www.securityfocus.com/bid/26763 • CWE-20: Improper Input Validation •