5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
29.6%
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the
rcp implementation being derived from 1983 rcp, the server chooses which
files/directories are sent to the client. However, the rcp client only
performs cursory validation of the object name returned (only directory
traversal attacks are prevented). A malicious rcp server (or
Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client
target directory. If recursive operation (-r) is performed, the server can
manipulate subdirectories as well (for example, to overwrite the
.ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and
CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped
by a few Linux distributions. The affected code was removed from the
supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Author | Note |
---|---|
sbeattie | krb5-appl was removed before ubuntu 14.04 LTS was released. |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
29.6%