CVE-2019-25017Incorrect Authorization in Krb5-appl

CWE-863Incorrect AuthorizationCWE-20Improper Input Validation4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.6%
top 30.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
MIT Krb5-appl
Timeline
PublishedFeb 2
Latest updateMay 24

Description

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server ca

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDmit/krb5-appl1.0.3

🔴Vulnerability Details

2
GHSA
GHSA-hj6m-8794-335m: An issue was discovered in rcp in MIT krb5-appl through 12022-05-24
CVEList
CVE-2019-25017: An issue was discovered in rcp in MIT krb5-appl through 12021-02-02

📋Vendor Advisories

1
Red Hat
krb5-appl: Improper validation of object names allows malicious server to overwrite files via rcp client2021-02-02
CVE-2019-25017 — Incorrect Authorization in Krb5-appl | cvebase