Unrated severity · NVD Advisory · Published Feb 2, 2021 · Updated Aug 5, 2024
CVE-2019-25018
Description
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Affected products
- MIT/krb5-appl (source: description)
- osv-coords: 16 versions, no CPE, each with range: < 1.0.3-3.6.1
  - pkg:rpm/suse/krb5-appl&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%209
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
  - pkg:rpm/suse/krb5-appl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
References
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_MISC)