Advisories

MGASA-2021-0525 - Updated rsh packages fix security vulnerability

Publication date: 25 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0525.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2019-7282,
     CVE-2019-7283

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers
to bypass intended access restrictions via the filename of . or an empty
filename. The impact is modifying the permissions of the target directory
on the client side. This is similar to CVE-2018-20685. (CVE-2019-7282)

An issue was discovered in rcp in NetKit through 0.17. For an rcp
operation, the server chooses which files/directories are sent to the
client. However, the rcp client only performs cursory validation of the
object name returned. A malicious rsh server (or Man-in-The-Middle
attacker) can overwrite arbitrary files in a directory on the rcp client
machine. This is similar to CVE-2019-6111. (CVE-2019-7283).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29675
- https://www.debian.org/lts/security/2021/dla-2822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7282
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7283

SRPMS:
- 8/core/rsh-0.17-36.1.mga8

Mageia 2021-0525: rsh security update

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of

Summary

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. (CVE-2019-7282)
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. (CVE-2019-7283).

Resolution

MGASA-2021-0525 - Updated rsh packages fix security vulnerability

References

- https://bugs.mageia.org/show_bug.cgi?id=29675

- https://www.debian.org/lts/security/2021/dla-2822

Severity
Issued Date: 25 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0525.html
Type: security
CVE: CVE-2019-7282, CVE-2019-7283
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.