CVE-2019-25017

MEDIUM EPSS 69.7%
Published Feb 2, 20215y ago · Modified Jun 17, 20262w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Feb 2, 2021 5y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

CVSS Details

Base Score
5.9
Exploitability
2.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
69.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization Authorization

Affected Products 1

VendorProductVersionRange
mitkrb5-appl* ≤1.0.3

References 1

  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1131109
    ExploitIssue TrackingThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.