MEDIUM · 5.9

CVE-2019-7282

Vulnerability Description

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

Vendor         Product        Versions
Netkit         Netkit         <= 0.17
Debian         Debian Linux   9.0
Fedoraproject  Fedora         34

References

FAQ

What is CVE-2019-7282?

CVE-2019-7282 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of ...

How severe is CVE-2019-7282?

CVE-2019-7282 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2019-7282?

Check the references section above for vendor advisories and patch information. Affected products include: Netkit Netkit, Debian Debian Linux, Fedoraproject Fedora.