rpm package
suse/krb5-appl&distro=HPE Helion OpenStack 8
pkg:rpm/suse/krb5-appl&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-25017 | — | | | < 1.0.3-3.6.1 | 1.0.3-3.6.1 | Feb 2, 2021 | An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only |
| CVE-2019-25018 | — | | | < 1.0.3-3.6.1 | 1.0.3-3.6.1 | Feb 2, 2021 | In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client sid |
| CVE-2020-10188 | — | | | < 1.0.3-3.3.1 | 1.0.3-3.3.1 | Mar 6, 2020 | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. |