Vulnerability Name:

CVE-2019-25018 (CCN-196051)

Assigned: 2021-02-02
Published: 2021-02-02
Updated: 2021-07-21
Summary: In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side.
Note: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-863
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2019-25018

Source: CCN
Type: Bugzilla – Bug 1131109
VUL-0: krb5-appl: affects krb5-appl kerberized rcp (related to CVE-2019-6111)

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1131109

Source: XF
Type: UNKNOWN
mit-krb5-cve201925018-sec-bypass(196051)

Source: CCN
Type: krb5-appl GIT Repository
krb5-appl

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:mit:krb5-appl:*:*:*:*:*:*:*:* (Version <= 1.0.3)

  • * Denotes that component is vulnerable
    Oval Definitions