ID CVE-2018-5764
Summary The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
References
Vulnerable Configurations
  • Samba Rsync 1.6.4
    cpe:2.3:a:samba:rsync:1.6.4
  • Samba Rsync 1.6.5
    cpe:2.3:a:samba:rsync:1.6.5
  • Samba Rsync 1.6.6
    cpe:2.3:a:samba:rsync:1.6.6
  • Samba Rsync 1.6.7
    cpe:2.3:a:samba:rsync:1.6.7
  • Samba Rsync 1.6.8
    cpe:2.3:a:samba:rsync:1.6.8
  • Samba Rsync 1.6.9
    cpe:2.3:a:samba:rsync:1.6.9
  • Samba Rsync 1.7.0
    cpe:2.3:a:samba:rsync:1.7.0
  • Samba Rsync 1.7.1
    cpe:2.3:a:samba:rsync:1.7.1
  • Samba Rsync 1.7.2
    cpe:2.3:a:samba:rsync:1.7.2
  • Samba Rsync 1.7.3
    cpe:2.3:a:samba:rsync:1.7.3
  • Samba Rsync 1.7.4
    cpe:2.3:a:samba:rsync:1.7.4
  • Samba Rsync 2.0.0
    cpe:2.3:a:samba:rsync:2.0.0
  • Samba Rsync 2.0.1
    cpe:2.3:a:samba:rsync:2.0.1
  • Samba Rsync 2.0.2
    cpe:2.3:a:samba:rsync:2.0.2
  • Samba Rsync 2.0.3
    cpe:2.3:a:samba:rsync:2.0.3
  • Samba Rsync 2.0.4
    cpe:2.3:a:samba:rsync:2.0.4
  • Samba Rsync 2.0.5
    cpe:2.3:a:samba:rsync:2.0.5
  • Samba Rsync 2.0.6
    cpe:2.3:a:samba:rsync:2.0.6
  • Samba Rsync 2.0.7
    cpe:2.3:a:samba:rsync:2.0.7
  • Samba Rsync 2.0.8
    cpe:2.3:a:samba:rsync:2.0.8
  • Samba Rsync 2.0.9
    cpe:2.3:a:samba:rsync:2.0.9
  • Samba Rsync 2.0.10
    cpe:2.3:a:samba:rsync:2.0.10
  • Samba Rsync 2.0.11
    cpe:2.3:a:samba:rsync:2.0.11
  • Samba Rsync 2.0.12
    cpe:2.3:a:samba:rsync:2.0.12
  • Samba Rsync 2.0.13
    cpe:2.3:a:samba:rsync:2.0.13
  • Samba Rsync 2.0.14
    cpe:2.3:a:samba:rsync:2.0.14
  • Samba Rsync 2.0.15
    cpe:2.3:a:samba:rsync:2.0.15
  • Samba Rsync 2.0.16
    cpe:2.3:a:samba:rsync:2.0.16
  • Samba Rsync 2.0.17
    cpe:2.3:a:samba:rsync:2.0.17
  • Samba Rsync 2.0.18
    cpe:2.3:a:samba:rsync:2.0.18
  • Samba Rsync 2.0.19
    cpe:2.3:a:samba:rsync:2.0.19
  • Samba Rsync 2.1.0
    cpe:2.3:a:samba:rsync:2.1.0
  • Samba Rsync 2.1.1
    cpe:2.3:a:samba:rsync:2.1.1
  • Samba Rsync 2.2.0
    cpe:2.3:a:samba:rsync:2.2.0
  • Samba Rsync 2.2.1
    cpe:2.3:a:samba:rsync:2.2.1
  • Samba Rsync 2.3.0
    cpe:2.3:a:samba:rsync:2.3.0
  • Samba Rsync 2.3.1
    cpe:2.3:a:samba:rsync:2.3.1
  • Samba Rsync 2.3.2
    cpe:2.3:a:samba:rsync:2.3.2
  • Samba Rsync 2.4.0
    cpe:2.3:a:samba:rsync:2.4.0
  • Samba Rsync 2.4.1
    cpe:2.3:a:samba:rsync:2.4.1
  • Samba Rsync 2.4.2
    cpe:2.3:a:samba:rsync:2.4.2
  • Samba Rsync 2.4.3
    cpe:2.3:a:samba:rsync:2.4.3
  • Samba Rsync 2.4.4
    cpe:2.3:a:samba:rsync:2.4.4
  • Samba Rsync 2.4.5
    cpe:2.3:a:samba:rsync:2.4.5
  • Samba Rsync 2.4.6
    cpe:2.3:a:samba:rsync:2.4.6
  • Samba Rsync 2.4.8
    cpe:2.3:a:samba:rsync:2.4.8
  • Samba Rsync 2.5.0
    cpe:2.3:a:samba:rsync:2.5.0
  • Samba Rsync 2.5.1
    cpe:2.3:a:samba:rsync:2.5.1
  • Samba Rsync 2.5.2
    cpe:2.3:a:samba:rsync:2.5.2
  • Samba Rsync 2.5.3
    cpe:2.3:a:samba:rsync:2.5.3
  • Samba Rsync 2.5.4
    cpe:2.3:a:samba:rsync:2.5.4
  • Samba Rsync 2.5.5
    cpe:2.3:a:samba:rsync:2.5.5
  • Samba Rsync 2.5.6
    cpe:2.3:a:samba:rsync:2.5.6
  • Samba Rsync 2.5.7
    cpe:2.3:a:samba:rsync:2.5.7
  • Samba Rsync 2.6.0
    cpe:2.3:a:samba:rsync:2.6.0
  • Samba Rsync 2.6.1
    cpe:2.3:a:samba:rsync:2.6.1
  • Samba Rsync 2.6.2
    cpe:2.3:a:samba:rsync:2.6.2
  • Samba Rsync 2.6.3
    cpe:2.3:a:samba:rsync:2.6.3
  • Samba Rsync 2.6.4
    cpe:2.3:a:samba:rsync:2.6.4
  • Samba Rsync 2.6.5
    cpe:2.3:a:samba:rsync:2.6.5
  • Samba Rsync 2.6.6
    cpe:2.3:a:samba:rsync:2.6.6
  • Samba Rsync 2.6.7
    cpe:2.3:a:samba:rsync:2.6.7
  • Samba Rsync 2.6.8
    cpe:2.3:a:samba:rsync:2.6.8
  • Samba Rsync 2.6.9
    cpe:2.3:a:samba:rsync:2.6.9
  • Samba Rsync 3.0.0
    cpe:2.3:a:samba:rsync:3.0.0
  • Samba Rsync 3.0.1
    cpe:2.3:a:samba:rsync:3.0.1
  • Samba Rsync 3.0.2
    cpe:2.3:a:samba:rsync:3.0.2
  • Samba Rsync 3.0.3
    cpe:2.3:a:samba:rsync:3.0.3
  • Samba Rsync 3.0.4
    cpe:2.3:a:samba:rsync:3.0.4
  • Samba Rsync 3.0.5
    cpe:2.3:a:samba:rsync:3.0.5
  • Samba Rsync 3.0.6
    cpe:2.3:a:samba:rsync:3.0.6
  • Samba Rsync 3.0.7
    cpe:2.3:a:samba:rsync:3.0.7
  • Samba rsync 3.08
    cpe:2.3:a:samba:rsync:3.0.8
  • Samba rsync 3.0.9
    cpe:2.3:a:samba:rsync:3.0.9
  • Samba rsync 3.1.0
    cpe:2.3:a:samba:rsync:3.1.0
  • Samba Rsync 3.1.1
    cpe:2.3:a:samba:rsync:3.1.1
  • Samba rsync 3.1.1pre1
    cpe:2.3:a:samba:rsync:3.1.1:pre1
  • Samba Rsync 3.1.2
    cpe:2.3:a:samba:rsync:3.1.2
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-254
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0172-1.NASL
    description This update for rsync fixes one issues. This security issue was fixed : - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106261
    published 2018-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106261
    title SUSE SLES11 Security Update : rsync (SUSE-SU-2018:0172-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-237.NASL
    description This update for rsync fixes one issues. This security issue was fixed : - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-03-09
    plugin id 107244
    published 2018-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107244
    title openSUSE Security Update : rsync (openSUSE-2018-237)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1050.NASL
    description According to the version of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 106778
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106778
    title EulerOS 2.0 SP2 : rsync (EulerOS-SA-2018-1050)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3543-1.NASL
    description It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548) It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106295
    published 2018-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106295
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : rsync vulnerabilities (USN-3543-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-032-02.NASL
    description New rsync packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 106565
    published 2018-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106565
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : rsync (SSA:2018-032-02)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1247.NASL
    description It was discovered that there was an injection vulnerability in the rsync file-copying tool. For Debian 7 'Wheezy', this issue has been fixed in rsync version 3.0.9-4+deb7u2. We recommend that you upgrade your rsync packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 106174
    published 2018-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106174
    title Debian DLA-1247-1 : rsync security update
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0132_RSYNC.NASL
    description An update of the rsync package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121838
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121838
    title Photon OS 1.0: Rsync PHSA-2018-1.0-0132
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0041_RSYNC.NASL
    description An update of the rsync package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121943
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121943
    title Photon OS 2.0: Rsync PHSA-2018-2.0-0041
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201805-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201805-04 (rsync: Arbitrary command execution) A vulnerability was discovered in rsync’s parse_arguments function in options.c. Impact : Remote attackers could possibly execute arbitrary commands with the privilege of the process. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 109627
    published 2018-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109627
    title GLSA-201805-04 : rsync: Arbitrary command execution
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0174-1.NASL
    description This update for rsync fixes one issues. This security issue was fixed : - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106263
    published 2018-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106263
    title SUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2018:0174-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-034101216D.NASL
    description Removing dependencies on systemd-units ---- New version 3.1.3, includes security fix for CVE-2018-5764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-06
    plugin id 106611
    published 2018-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106611
    title Fedora 26 : rsync (2018-034101216d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D0EBFAB3F3.NASL
    description New version 3.1.3, includes security fix for CVE-2018-5764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-07
    plugin id 106646
    published 2018-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106646
    title Fedora 27 : rsync (2018-d0ebfab3f3)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1244.NASL
    description According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.(CVE-2017-17433) - The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.(CVE-2017-17434) - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117553
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117553
    title EulerOS Virtualization 2.5.0 : rsync (EulerOS-SA-2018-1244)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1049.NASL
    description According to the version of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 106777
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106777
    title EulerOS 2.0 SP1 : rsync (EulerOS-SA-2018-1049)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0041.NASL
    description An update of {'ceph', 'linux-esx', 'rsync', 'linux', 'linux-secure', 'linux-aws'} packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111300
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111300
    title Photon OS 2.0 : ceph / linux-esx / rsync / linux / linux-secure / linux-aws (PhotonOS-PHSA-2018-2.0-0041) (deprecated)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0132.NASL
    description An update of 'linux-esx', 'rsync', 'linux' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111934
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111934
    title Photon OS 1.0: Linux / Rsync PHSA-2018-1.0-0132 (deprecated)
refmap via4
bid 102803
confirm
gentoo GLSA-201805-04
mlist
  • [debian-lts-announce] 20180119 [SECURITY] [DLA 1247-1] rsync security update
  • [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
sectrack 1040276
ubuntu USN-3543-1
Last major update 17-01-2018 - 17:29
Published 17-01-2018 - 17:29
Last modified 03-04-2019 - 07:39
Back to Top