CVE-2019-7283
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.
Timeline
- 2019-01-31 CVE Reserved
- 2019-01-31 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html | Mailing List | |
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | Mitigation | |

URL | Date | SRC |
---|---|---|
https://bugs.debian.org/920486 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Netkit | Netkit | <= 0.17 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |