CVE-2017-17433 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Access restriction bypass |
Description | The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-542 | rsync | 3.1.2-8 | 3.1.3pre1-1 | Critical | Fixed | FS#57111 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
29 Jan 2018 | ASA-201801-21 | AVG-542 | rsync | Critical | multiple issues |
References |
---|
https://git.samba.org/?p=rsync.git;a=commitdiff;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 |