CVE-2019-25017
Description
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18- MIT/krb5-appldescription
- osv-coords16 versionspkg:rpm/suse/krb5-appl&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.0.3-3.6.1+ 15 more
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
- (no CPE)range: < 1.0.3-3.6.1
Patches
Vulnerability mechanics
References
1- bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.