Created attachment 1535343 [details] Response from MITRE to my request to add this info to CVE-2019-611 Description of problem: krb5-appl rcp has the same CVE-2019-6111 vulnerability as openssh scp. I reported this to krbcore-security; they consider this package end-of-life / unsupported. I have a PoC exploit and partial mitigation patches for src/krb5-appl-1.0.1/bsd/krcp.c Version-Release number of selected component (if applicable): krb5-appl-1.0.1-7.el6 krb5-appl-1.0.1-7.el6_2.1.src.rpm How reproducible: Always. Steps to Reproduce: 1. Apply patch krb5-appl-2019-6111-poc.diff (available on request) 2. Run kshd with now-evil rcp 3.1 rcp remote-host:test.txt . 3.2 rcp remote-host:dirtest.txt . Actual results: 3.1 mode 0755 ./.badrcp.rc with nc | bash script. 3.2 mode 0755 /tmp/.badrcp.rc with same remote access script. Expected results: Requested file, or nothing if remote file non-existant. Additional info: My first report to bugzilla.redhat.com, apologies for any mistakes. Not sure how you wanted "Product / Component" categorised. The affected package is available at http://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-appl-1.0.1-7.el6_2.1.src.rpm
I'm sorry for ignoring this long, the report is for a wrong product, but even if the product was filled correctly for RHEL6, it would be closed WONTFIX anyway, because RHEL-6 is already EOL for long time. Closing for now.