rsync

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A fast and versatile file copying tool for remote and local files
Version 3.2.3-4 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-2333 3.2.3-4 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-3755 AVG-2333 Medium Yes Arbitrary command execution
A command injection vulnerability was found in Rsync. An attacker can use this vulnerability to execute arbitrary commands on a remote host via arguments...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1374 3.2.3-1 3.2.3-2 High Fixed FS#69051
AVG-542 3.1.2-8 3.1.3pre1-1 Critical Fixed FS#57111
Issue Group Severity Remote Type Description
CVE-2020-14387 AVG-1374 High Yes Man-in-the-middle
A flaw was found in rsync version 3.2.0pre1 to 3.2.4. rsync-ssl does not verify the hostname in the server certificate in openssl mode, so a remote,...
CVE-2018-5764 AVG-542 High Yes Access restriction bypass
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to...
CVE-2017-17434 AVG-542 Medium Yes Access restriction bypass
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the...
CVE-2017-17433 AVG-542 Medium Yes Access restriction bypass
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates...
CVE-2017-16548 AVG-542 High Yes Denial of service
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows...
CVE-2017-15994 AVG-542 Critical Yes Access restriction bypass
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for...

Advisories

Date Advisory Group Severity Type
04 Jan 2021 ASA-202101-1 AVG-1374 High man-in-the-middle
29 Jan 2018 ASA-201801-21 AVG-542 Critical multiple issues