CVE-2019-7283

Priority
Description
An issue was discovered in rcp in NetKit through 0.17. For an rcp
operation, the server chooses which files/directories are sent to the
client. However, the rcp client only performs cursory validation of the
object name returned. A malicious rsh server (or man-in-the-middle
attacker) can overwrite arbitrary files in a directory on the rcp client
machine. This is similar to CVE-2019-6111.
Notes
Package
Upstream: released (0.17-20)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): not-affected (0.17-21)
Ubuntu 20.10 (Groovy Gorilla): not-affected (0.17-21)
Patches:
Other: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=920486;filename=fix-CVE-2018-20685-and-CVE-2019-6111.patch;msg=10

Updated: 2020-09-09 23:30:44 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)