Created attachment 1535343
Response from MITRE to my request to add this info to CVE-2019-611
Description of problem:
krb5-appl rcp has the same CVE-2019-6111 vulnerability as openssh scp.
I reported this to firstname.lastname@example.org; they consider this package end-of-life / unsupported.
I have a PoC exploit and partial mitigation patches for src/krb5-appl-1.0.1/bsd/krcp.c
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Apply patch krb5-appl-2019-6111-poc.diff (available on request)
2. Run kshd with now-evil rcp
3.1 rcp remote-host:test.txt .
3.2 rcp remote-host:dirtest.txt .
3.1 mode 0755 ./.badrcp.rc with nc | bash script.
3.2 mode 0755 /tmp/.badrcp.rc with same remote access script.
Requested file, or nothing if remote file non-existent.
My first report to bugzilla.redhat.com, apologies for any mistakes. Not sure how you wanted "Product / Component" categorised. The affected package is available at
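
An added example, not part of the original report and not the reporter's patch: a client-side check of the kind that blocks the behaviour in the steps above, where `test.txt` is requested and `.badrcp.rc` is written. It assumes krcp uses the classic BSD rcp control record `Cmmmm <size> <name>\n` and that the requested name is a literal (no wildcards); `check_c_record` is a hypothetical helper name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not from krcp.c: validate one "C" control record
 * ("Cmmmm <size> <name>\n") sent by the remote side against the file name
 * the user actually asked for. Assumes a literal requested name.
 * Returns 0 if the record may be accepted, -1 otherwise. */
int check_c_record(const char *rec, const char *requested)
{
    const char *p = rec;
    const char *base;
    char *end;
    size_t n;
    int i;

    if (*p++ != 'C')
        return -1;
    /* four octal mode digits followed by a space */
    for (i = 0; i < 4; i++, p++)
        if (*p < '0' || *p > '7')
            return -1;
    if (*p++ != ' ')
        return -1;
    /* decimal size followed by a space */
    if (*p < '0' || *p > '9')
        return -1;
    (void)strtoull(p, &end, 10);
    if (*end != ' ')
        return -1;
    p = end + 1;
    /* the name runs up to the terminating newline */
    n = strcspn(p, "\n");
    if (n == 0 || p[n] != '\n')
        return -1;
    /* a single path component only: no '/', no "." or ".." */
    if (memchr(p, '/', n) != NULL)
        return -1;
    if ((n == 1 && p[0] == '.') || (n == 2 && p[0] == '.' && p[1] == '.'))
        return -1;
    /* must equal the last component of the requested remote path */
    base = strrchr(requested, '/');
    base = base ? base + 1 : requested;
    if (strlen(base) != n || memcmp(base, p, n) != 0)
        return -1;
    return 0;
}
```

The receiving side would call this for each record before opening the target file and abort the transfer on -1.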