CVE-2017-15994

Source
Severity: Critical
Remote: Yes
Type: Access restriction bypass
Description
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-542 | rsync | 3.1.2-8 | 3.1.3pre1-1 | Critical | Fixed | FS#57111 |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 29 Jan 2018 | ASA-201801-21 | AVG-542 | rsync | Critical | multiple issues |
References
https://git.samba.org/?p=rsync.git;a=blobdiff;f=checksum.c;h=93826944034f5967b7c3b727994d3b54361854b0;hp=8b3883363d64b9a685c13361b2142e7f365259b5;hb=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3;hpb=17b849c97aa24f30d572ac5ea552e8cb5a27e9fe
https://git.samba.org/?p=rsync.git;a=blobdiff;f=authenticate.c;h=a106b0f60a8cb88e37080bc5e2a58ce28c66f379;hp=d60ee20b6b53a9351efbdf175f36525ead220de6;hb=9a480deec4d20277d8e20bc55515ef0640ca1e55;hpb=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
https://git.samba.org/?p=rsync.git;a=blobdiff;f=checksum.c;h=c119f972525341c2165c4b5bcb42612c8c983333;hp=93826944034f5967b7c3b727994d3b54361854b0;hb=c252546ceeb0925eb8a4061315e3ff0a8c55b48b;hpb=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3