CVE-2019-7283 - OpenCVE

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netkit	Netkit
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:netkit:netkit:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.debian.org/920486	Exploit Issue Tracking Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html	Mailing List Third Party Advisory
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt	Mitigation Not Applicable Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-31T18:00:00

Updated: 2021-11-19T01:06:10

Reserved: 2019-01-31T00:00:00

Link: CVE-2019-7283

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-31T18:29:00.977

Modified: 2021-11-23T22:14:45.077

Link: CVE-2019-7283

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-19T01:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/920486"}, {"tags": ["x_refsource_MISC"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"name": "[debian-lts-announce] 20211118 [SECURITY] [DLA 2822-1] netkit-rsh security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7283", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/920486", "refsource": "MISC", "url": "https://bugs.debian.org/920486"}, {"name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "refsource": "MISC", "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"name": "[debian-lts-announce] 20211118 [SECURITY] [DLA 2822-1] netkit-rsh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7283", "datePublished": "2019-01-31T18:00:00", "dateReserved": "2019-01-31T00:00:00", "dateUpdated": "2021-11-19T01:06:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netkit:netkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2D4663F-3F6E-4A3D-95DB-7E093C3DD825", "versionEndIncluding": "0.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111."}, {"lang": "es", "value": "Se ha descubierto un problema en NetKit hasta la versi\u00f3n 0.17. Para una operaci\u00f3n rcp, el servidor escoge qu\u00e9 archivos/directorios se env\u00edan al cliente. Sin embargo, el cliente rcp solo realiza la validaci\u00f3n superficial del nombre de objeto devuelto. Un servidor rsh malicioso (o atacante Man-in-the-Middle) puede sobrescribir archivos arbitrarios en un directorio de la m\u00e1quina rcp del cliente. Esto es similar a CVE-2019-6111."}], "id": "CVE-2019-7283", "lastModified": "2021-11-23T22:14:45.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-31T18:29:00.977", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/920486"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00016.html"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Not Applicable", "Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}