CVE-2017-15994

Severity: Critical
Remote: Yes
Type: Access restriction bypass
Description
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.
References
https://git.samba.org/?p=rsync.git;a=blobdiff;f=checksum.c;h=93826944034f5967b7c3b727994d3b54361854b0;hp=8b3883363d64b9a685c13361b2142e7f365259b5;hb=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3;hpb=17b849c97aa24f30d572ac5ea552e8cb5a27e9fe
https://git.samba.org/?p=rsync.git;a=blobdiff;f=authenticate.c;h=a106b0f60a8cb88e37080bc5e2a58ce28c66f379;hp=d60ee20b6b53a9351efbdf175f36525ead220de6;hb=9a480deec4d20277d8e20bc55515ef0640ca1e55;hpb=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
https://git.samba.org/?p=rsync.git;a=blobdiff;f=checksum.c;h=c119f972525341c2165c4b5bcb42612c8c983333;hp=93826944034f5967b7c3b727994d3b54361854b0;hb=c252546ceeb0925eb8a4061315e3ff0a8c55b48b;hpb=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3