RCP Shell Utility Arbitrary Command Execution Vulnerability

The RCP shell utility is prone to an arbitrary command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.

This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of RCP.

NOTE: OpenSSH SCP is a fork of RCP and is known to also be affected by this issue.
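
The class of flaw described above, shown as an added illustration that is not code from RCP or OpenSSH: a weak pattern that places file names inside a shell command line, next to a variant that runs the program without a shell. The function names, the use of `cp`, and the sample file name are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern: the names become part of one string that system() would
 * hand to /bin/sh, so shell metacharacters in a name are interpreted.
 * Returns the length of the command line that would be built. */
int build_shell_command(char *buf, size_t len, const char *src, const char *dst)
{
    return snprintf(buf, len, "cp %s %s", src, dst);
}

/* Audit aid: 1 if the name holds a character the shell treats specially. */
int has_shell_metachar(const char *name)
{
    return name[strcspn(name, ";&|`$()<>\\\"'*?[]{}!~# \t\n")] != '\0';
}

/* Hardened pattern: no shell is involved. Each name is exactly one argv
 * entry, and "--" stops a leading '-' from being parsed as an option.
 * Returns the exit status of cp, or -1 on failure to run it. */
int copy_without_shell(const char *src, const char *dst)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("cp", "cp", "--", src, dst, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *name = "a.txt;id";       /* constructed sample name */
    char cmd[256];
    build_shell_command(cmd, sizeof cmd, name, "/tmp/out");
    printf("string a shell would parse: %s\n", cmd);
    printf("metacharacter present: %d\n", has_shell_metachar(name));
    printf("cp exit status without a shell: %d\n", copy_without_shell(name, "/tmp/out"));
    return 0;
}
```

In the second variant the whole string `a.txt;id` reaches `cp` as a single file name, so the copy simply fails when no such file exists.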


 

Copyright 2010, SecurityFocus