Vulnerabilities for 'Rsync'

2018-01-17
 
CVE-2018-5764

CWE-noinfo
 

 
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

 
2017-12-05
 
CVE-2017-17434

CWE-noinfo
 

 
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

 
 
CVE-2017-17433

CWE-862
 

 
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

 
2017-11-06
 
CVE-2017-16548

CWE-125
 

 
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

 
2017-10-29
 
CVE-2017-15994

CWE-354
 

 
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

 
2015-02-12
 
CVE-2014-9512

CWE-59
 

 
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

 
2014-04-23
 
CVE-2014-2855

CWE-20
 

 
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

 
2011-03-30
 
CVE-2011-1097

CWE-119
 

 
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

 
2008-04-10
 
CVE-2008-1720

CWE-119
 

 
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.

 



Copyright 2024, cxsecurity.com

 
