Vulnerabilities > CVE-2019-7283

047910
CVSS 7.4 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
netkit
debian
NVD
Published: 2019-01-31
Updated: 2021-11-23

Summary

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

Vulnerable Configurations

Part Description Count
Application
Netkit
2
OS
Debian
1

References