Your submission was sent successfully! Close

CVE-2019-7282

Published: 31 January 2019

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
netkit-rsh
Launchpad, Ubuntu, Debian
bionic
Released (0.17-17ubuntu0.1)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Not vulnerable
(0.17-21)
groovy Not vulnerable
(0.17-21)
hirsute Not vulnerable
(0.17-21)
impish Not vulnerable
(0.17-21)
jammy Not vulnerable
(0.17-21)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (0.17-20)
xenial Ignored
(end of standard support, was needed)