CVE-2017-17433

Published: 06/12/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development prior to 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote malicious users to bypass intended access restrictions.

Vulnerable Product

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

samba rsync 3.1.2

Vendor Advisories

Several security issues were fixed in rsync ...
Debian Bug report logs - #880954 rsync: CVE-2017-16548: receive_xattr heap overread with non null terminated name Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 6 Nov 2017 09:27:02 UTC Severity: important Tags: fixed-u ...
Debian Bug report logs - #883667 rsync: CVE-2017-17433 Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2017 10:03:05 UTC Severity: important Tags: patch, security, upstream Found in versions rsync/3.1.1-1, rsync/ ...
Debian Bug report logs - #883665 rsync: CVE-2017-17434 Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2017 09:57:09 UTC Severity: important Tags: patch, security, upstream Found in versions rsync/3.1.1-1, rsync/ ...
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions ...
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions ...