- CVEs with nessus.description==According to the versions of the rsync package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities:
- The recv_files function in receiver.c in the daemon in
rsync 3.1.2, and 3.1.3-development before 2017-12-03,
proceeds with certain file metadata updates before
checking for a filename in the daemon_filter_list data
structure, which allows remote attackers to bypass
intended access restrictions. (CVE-2017-17433)
- The daemon in rsync 3.1.2, and 3.1.3-development before
2017-12-03, does not check for fnamecmp filenames in
the daemon_filter_list data structure (in the
recv_files function in receiver.c) and also does not
apply the sanitize_paths protection mechanism to
pathnames found in 'xname follows' strings (in the
read_ndx_and_attrs function in rsync.c), which allows
remote attackers to bypass intended access
restrictions. (CVE-2017-17434)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |