10 matches found
EUVD-2023-42154
Malicious code in bioql PyPI...
RHEL 7 : netkit-rsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - netkit-rsh: possible overwrite of arbitrary files by a malicious rsh server CVE-2019-7283 - In NetKit...
CVE-2023-38336
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...
Command injection
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...
CVE-2023-38336
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...
CVE-2023-38336
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...
CVE-2023-38336
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...
CVE-2023-38336
CVE-2023-38336 concerns netkit-rcp in rsh-client 0.17-24 where an rsh server can cause command/file handling issues. The connected Broadcom advisory describes a concrete exploitation: a malicious rsh server (or MITM) can overwrite arbitrary files on the rcp client by abusing the rcp operation’s o...
CVE-2019-7283
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...
CVE-2019-7283
The connected Broadcom advisory confirms CVE-2019-7283 affects NetKit’s rcp up to version 0.17, where the rcp server’s file selection is trusted but the client’s object-name validation is only cursory. A malicious rsh server or MITM can overwrite arbitrary files in a client directory by exploitin...