CVE-2019-25018 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-25018 Interim 1 29 2025-08-14T01:51:41Z current 2021-05-30T14:34:31Z 2025-08-14T01:51:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-25018 In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-February/008353.html E-Mail link for SUSE-SU-2021:0527-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 krb5-appl krb5-appl-clients krb5-appl-clients-1.0.3-3.6.1 krb5-appl-servers krb5-appl-servers-1.0.3-3.6.1 krb5-appl-clients-1.0.3-3.6.1 as a component of HPE Helion OpenStack 8 krb5-appl-servers-1.0.3-3.6.1 as a component of HPE Helion OpenStack 8 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-ESPOS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-ESPOS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-ESPOS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-ESPOS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 7 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 7 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 8 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 8 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 9 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 9 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 krb5-appl as a component of SUSE Linux Enterprise High Performance Computing 12 SP4 krb5-appl-clients as a component of SUSE Linux Enterprise Server 12 SP4 krb5-appl-servers as a component of SUSE Linux Enterprise Server 12 SP4 krb5-appl as a component of SUSE Linux Enterprise Server 12 SP4 In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. CVE-2019-25018 HPE Helion OpenStack 8:krb5-appl-clients-1.0.3-3.6.1 HPE Helion OpenStack 8:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-ESPOS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-ESPOS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-ESPOS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-ESPOS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-TERADATA:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-TERADATA:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP5:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP5:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 7:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 7:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 8:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 8:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 9:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 9:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 8:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 8:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 9:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 9:krb5-appl-servers-1.0.3-3.6.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N