QwikSec

Security Database

CVE

CWE

Training

CVE-2017-17433

Published: Dec 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://security.cucumberlinux.com/security/details.php?id=169

x_refsource_CONFIRM

https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.