CVE-2019-7283 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-7283 Interim 1 17 2025-08-14T02:12:52Z current 2021-05-30T14:24:20Z 2025-08-14T02:12:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-7283 An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Server 12 SP4 krb5-appl krb5-appl-clients krb5-appl-servers krb5-appl as a component of SUSE Linux Enterprise High Performance Computing 12 SP4 krb5-appl-clients as a component of SUSE Linux Enterprise Server 12 SP4 krb5-appl-servers as a component of SUSE Linux Enterprise Server 12 SP4 krb5-appl as a component of SUSE Linux Enterprise Server 12 SP4 An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. CVE-2019-7283 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N