7 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-7282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The...
RHEL 7 : netkit-rsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - netkit-rsh: possible overwrite of arbitrary files by a malicious rsh server CVE-2019-7283 - In NetKit...
Huawei EulerOS: Security Advisory for rsh (EulerOS-SA-2022-1949)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : rsh (EulerOS-SA-2022-1949)
According to the versions of the rsh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty...
Design/Logic Flaw
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT...
CVE-2019-7282
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685...
CVE-2019-7282
CVE-2019-7282 (netkit-rsh) affects the netkit-rsh client. The Debian LTS advisory (DLA-2822-1) states that two issues exist due to insufficient input validation in path names sent by the server, allowing a malicious server to perform arbitrary file overwrites in the target directory or to modify ...