CVE-2017-17434

Published: 06/12/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The daemon in rsync 3.1.2, and 3.1.3-development prior to 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote malicious users to bypass intended access restrictions.

Vulnerable Product

samba rsync

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in rsync ...
Debian Bug report logs - #880954 rsync: CVE-2017-16548: receive_xattr heap overread with non null terminated name Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 6 Nov 2017 09:27:02 UTC Severity: important Tags: fixed-u ...
Debian Bug report logs - #883667 rsync: CVE-2017-17433 Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2017 10:03:05 UTC Severity: important Tags: patch, security, upstream Found in versions rsync/3.1.1-1, rsync/ ...
Debian Bug report logs - #883665 rsync: CVE-2017-17434 Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2017 09:57:09 UTC Severity: important Tags: patch, security, upstream Found in versions rsync/3.1.1-1, rsync/ ...
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), w ...