Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-16548 (GCVE-0-2017-16548)
Vulnerability from cvelistv5
Published
2017-11-06 05:00
Modified
2024-08-05 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"name": "USN-3543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"name": "DSA-4068",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "USN-3543-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-23T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"name": "USN-3543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"name": "DSA-4068",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "USN-3543-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1",
"refsource": "CONFIRM",
"url": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=13112",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"name": "USN-3543-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"name": "DSA-4068",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "USN-3543-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16548",
"datePublished": "2017-11-06T05:00:00",
"dateReserved": "2017-11-05T00:00:00",
"dateUpdated": "2024-08-05T20:27:03.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-16548\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-06T05:29:00.253\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n receive_xattr en xattrs.c en rsync 3.1.2 y 3.1.3-development no comprueba un car\u00e1cter final \u0027\\\\0\u0027 en un nombre xattr, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, causen otros impactos no especificados enviando datos manipulados al demonio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"2.6.9\",\"versionEndIncluding\":\"3.1.2\",\"matchCriteriaId\":\"2C851A23-4E75-4796-9DC4-9897E4A433E6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=13112\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3543-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3543-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=13112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3543-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3543-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
gsd-2017-16548
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-16548",
"description": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"id": "GSD-2017-16548",
"references": [
"https://www.suse.com/security/cve/CVE-2017-16548.html",
"https://www.debian.org/security/2017/dsa-4068",
"https://ubuntu.com/security/CVE-2017-16548",
"https://advisories.mageia.org/CVE-2017-16548.html",
"https://security.archlinux.org/CVE-2017-16548"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-16548"
],
"details": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"id": "GSD-2017-16548",
"modified": "2023-12-13T01:21:01.149729Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1",
"refsource": "CONFIRM",
"url": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=13112",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"name": "USN-3543-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"name": "DSA-4068",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "USN-3543-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.2",
"versionStartExcluding": "2.6.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16548"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=13112",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"name": "DSA-4068",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"name": "USN-3543-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"name": "USN-3543-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3543-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-05-01T14:14Z",
"publishedDate": "2017-11-06T05:29Z"
}
}
}
fkie_cve-2017-16548
Vulnerability from fkie_nvd
Published
2017-11-06 05:29
Modified
2025-04-20 01:37
Severity ?
Summary
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugzilla.samba.org/show_bug.cgi?id=13112 | Issue Tracking | |
| cve@mitre.org | https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3543-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3543-2/ | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4068 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.samba.org/show_bug.cgi?id=13112 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3543-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3543-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4068 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samba | rsync | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C851A23-4E75-4796-9DC4-9897E4A433E6",
"versionEndIncluding": "3.1.2",
"versionStartExcluding": "2.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon."
},
{
"lang": "es",
"value": "La funci\u00f3n receive_xattr en xattrs.c en rsync 3.1.2 y 3.1.3-development no comprueba un car\u00e1cter final \u0027\\0\u0027 en un nombre xattr, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en memoria din\u00e1mica o heap y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, causen otros impactos no especificados enviando datos manipulados al demonio."
}
],
"id": "CVE-2017-16548",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-06T05:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"source": "cve@mitre.org",
"url": "https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3543-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2018:0117-1
Vulnerability from csaf_suse
Published
2018-01-17 07:32
Modified
2018-01-17 07:32
Summary
Security update for rsync
Notes
Title of the patch
Security update for rsync
Description of the patch
This update for rsync fixes the following issues:
Security issues fixed:
- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in
the daemon_filter_list data structure (in the recv_files function in
receiver.c) and also did not apply the sanitize_paths protection mechanism to
pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function
in rsync.c), which allowed remote attackers to bypass intended access
restrictions' (bsc#1071460).
- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,
proceeded with certain file metadata updates before checking for a filename in
the daemon_filter_list data structure, which allowed remote attackers to bypass
intended access restrictions (bsc#1071459).
- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check
for a trailing '\\0' character in an xattr name, which allowed remote attackers
to cause a denial of service (heap-based buffer over-read and application
crash) or possibly have unspecified other impact by sending crafted data to the
daemon (bsc#1066644).
Patchnames
slessp4-rsync-13416
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rsync",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rsync fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in\n the daemon_filter_list data structure (in the recv_files function in\n receiver.c) and also did not apply the sanitize_paths protection mechanism to\n pathnames found in \u0027xname follows\u0027 strings (in the read_ndx_and_attrs function\n in rsync.c), which allowed remote attackers to bypass intended access\n restrictions\u0027 (bsc#1071460).\n- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,\n proceeded with certain file metadata updates before checking for a filename in\n the daemon_filter_list data structure, which allowed remote attackers to bypass\n intended access restrictions (bsc#1071459).\n- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check\n for a trailing \u0027\\\\0\u0027 character in an xattr name, which allowed remote attackers\n to cause a denial of service (heap-based buffer over-read and application\n crash) or possibly have unspecified other impact by sending crafted data to the\n daemon (bsc#1066644).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-rsync-13416",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0117-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0117-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180117-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0117-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-January/003603.html"
},
{
"category": "self",
"summary": "SUSE Bug 1066644",
"url": "https://bugzilla.suse.com/1066644"
},
{
"category": "self",
"summary": "SUSE Bug 1071459",
"url": "https://bugzilla.suse.com/1071459"
},
{
"category": "self",
"summary": "SUSE Bug 1071460",
"url": "https://bugzilla.suse.com/1071460"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16548 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17433 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17434 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17434/"
}
],
"title": "Security update for rsync",
"tracking": {
"current_release_date": "2018-01-17T07:32:49Z",
"generator": {
"date": "2018-01-17T07:32:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0117-1",
"initial_release_date": "2018-01-17T07:32:49Z",
"revision_history": [
{
"date": "2018-01-17T07:32:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.i586",
"product": {
"name": "rsync-3.0.4-2.53.3.1.i586",
"product_id": "rsync-3.0.4-2.53.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.ia64",
"product": {
"name": "rsync-3.0.4-2.53.3.1.ia64",
"product_id": "rsync-3.0.4-2.53.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.ppc64",
"product": {
"name": "rsync-3.0.4-2.53.3.1.ppc64",
"product_id": "rsync-3.0.4-2.53.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.s390x",
"product": {
"name": "rsync-3.0.4-2.53.3.1.s390x",
"product_id": "rsync-3.0.4-2.53.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.x86_64",
"product": {
"name": "rsync-3.0.4-2.53.3.1.x86_64",
"product_id": "rsync-3.0.4-2.53.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586"
},
"product_reference": "rsync-3.0.4-2.53.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x"
},
"product_reference": "rsync-3.0.4-2.53.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586"
},
"product_reference": "rsync-3.0.4-2.53.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x"
},
"product_reference": "rsync-3.0.4-2.53.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16548"
}
],
"notes": [
{
"category": "general",
"text": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16548",
"url": "https://www.suse.com/security/cve/CVE-2017-16548"
},
{
"category": "external",
"summary": "SUSE Bug 1066644 for CVE-2017-16548",
"url": "https://bugzilla.suse.com/1066644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:32:49Z",
"details": "low"
}
],
"title": "CVE-2017-16548"
},
{
"cve": "CVE-2017-17433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17433"
}
],
"notes": [
{
"category": "general",
"text": "The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17433",
"url": "https://www.suse.com/security/cve/CVE-2017-17433"
},
{
"category": "external",
"summary": "SUSE Bug 1071459 for CVE-2017-17433",
"url": "https://bugzilla.suse.com/1071459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:32:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-17433"
},
{
"cve": "CVE-2017-17434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17434"
}
],
"notes": [
{
"category": "general",
"text": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17434",
"url": "https://www.suse.com/security/cve/CVE-2017-17434"
},
{
"category": "external",
"summary": "SUSE Bug 1071460 for CVE-2017-17434",
"url": "https://bugzilla.suse.com/1071460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:32:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-17434"
}
]
}
suse-su-2018:0118-1
Vulnerability from csaf_suse
Published
2018-01-17 07:31
Modified
2018-01-17 07:31
Summary
Security update for rsync
Notes
Title of the patch
Security update for rsync
Description of the patch
This update for rsync fixes several issues.
These security issues were fixed:
- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in
the daemon_filter_list data structure (in the recv_files function in
receiver.c) and also did not apply the sanitize_paths protection mechanism to
pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function
in rsync.c), which allowed remote attackers to bypass intended access
restrictions' (bsc#1071460).
- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,
proceeded with certain file metadata updates before checking for a filename in
the daemon_filter_list data structure, which allowed remote attackers to bypass
intended access restrictions (bsc#1071459).
- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check
for a trailing '\\0' character in an xattr name, which allowed remote attackers
to cause a denial of service (heap-based buffer over-read and application
crash) or possibly have unspecified other impact by sending crafted data to the
daemon (bsc#1066644).
This non-security issue was fixed:
- Stop file upload after errors like a full disk (bsc#1062063)
- Ensure -X flag works even when setting owner/group (bsc#1028842)
Patchnames
SUSE-CAASP-ALL-2018-84,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-84,SUSE-SLE-DESKTOP-12-SP2-2018-84,SUSE-SLE-DESKTOP-12-SP3-2018-84,SUSE-SLE-RPI-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP3-2018-84
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rsync",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rsync fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in\n the daemon_filter_list data structure (in the recv_files function in\n receiver.c) and also did not apply the sanitize_paths protection mechanism to\n pathnames found in \u0027xname follows\u0027 strings (in the read_ndx_and_attrs function\n in rsync.c), which allowed remote attackers to bypass intended access\n restrictions\u0027 (bsc#1071460).\n- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,\n proceeded with certain file metadata updates before checking for a filename in\n the daemon_filter_list data structure, which allowed remote attackers to bypass\n intended access restrictions (bsc#1071459).\n- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check\n for a trailing \u0027\\\\0\u0027 character in an xattr name, which allowed remote attackers\n to cause a denial of service (heap-based buffer over-read and application\n crash) or possibly have unspecified other impact by sending crafted data to the\n daemon (bsc#1066644).\n\nThis non-security issue was fixed:\n\n- Stop file upload after errors like a full disk (bsc#1062063)\n- Ensure -X flag works even when setting owner/group (bsc#1028842)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-CAASP-ALL-2018-84,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-84,SUSE-SLE-DESKTOP-12-SP2-2018-84,SUSE-SLE-DESKTOP-12-SP3-2018-84,SUSE-SLE-RPI-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP3-2018-84",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0118-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0118-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180118-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0118-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-January/003604.html"
},
{
"category": "self",
"summary": "SUSE Bug 1028842",
"url": "https://bugzilla.suse.com/1028842"
},
{
"category": "self",
"summary": "SUSE Bug 1062063",
"url": "https://bugzilla.suse.com/1062063"
},
{
"category": "self",
"summary": "SUSE Bug 1066644",
"url": "https://bugzilla.suse.com/1066644"
},
{
"category": "self",
"summary": "SUSE Bug 1071459",
"url": "https://bugzilla.suse.com/1071459"
},
{
"category": "self",
"summary": "SUSE Bug 1071460",
"url": "https://bugzilla.suse.com/1071460"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16548 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17433 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17434 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17434/"
}
],
"title": "Security update for rsync",
"tracking": {
"current_release_date": "2018-01-17T07:31:45Z",
"generator": {
"date": "2018-01-17T07:31:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0118-1",
"initial_release_date": "2018-01-17T07:31:45Z",
"revision_history": [
{
"date": "2018-01-17T07:31:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.aarch64",
"product": {
"name": "rsync-3.1.0-13.7.1.aarch64",
"product_id": "rsync-3.1.0-13.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.ppc64le",
"product": {
"name": "rsync-3.1.0-13.7.1.ppc64le",
"product_id": "rsync-3.1.0-13.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.s390x",
"product": {
"name": "rsync-3.1.0-13.7.1.s390x",
"product_id": "rsync-3.1.0-13.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.x86_64",
"product": {
"name": "rsync-3.1.0-13.7.1.x86_64",
"product_id": "rsync-3.1.0-13.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16548"
}
],
"notes": [
{
"category": "general",
"text": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16548",
"url": "https://www.suse.com/security/cve/CVE-2017-16548"
},
{
"category": "external",
"summary": "SUSE Bug 1066644 for CVE-2017-16548",
"url": "https://bugzilla.suse.com/1066644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:31:45Z",
"details": "low"
}
],
"title": "CVE-2017-16548"
},
{
"cve": "CVE-2017-17433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17433"
}
],
"notes": [
{
"category": "general",
"text": "The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17433",
"url": "https://www.suse.com/security/cve/CVE-2017-17433"
},
{
"category": "external",
"summary": "SUSE Bug 1071459 for CVE-2017-17433",
"url": "https://bugzilla.suse.com/1071459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:31:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-17433"
},
{
"cve": "CVE-2017-17434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17434"
}
],
"notes": [
{
"category": "general",
"text": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17434",
"url": "https://www.suse.com/security/cve/CVE-2017-17434"
},
{
"category": "external",
"summary": "SUSE Bug 1071460 for CVE-2017-17434",
"url": "https://bugzilla.suse.com/1071460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:31:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-17434"
}
]
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
}
],
"initial_release_date": "2022-07-15T00:00:00",
"last_revision_date": "2022-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
opensuse-su-2024:11308-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
rsync-3.2.3-2.6 on GA media
Notes
Title of the patch
rsync-3.2.3-2.6 on GA media
Description of the patch
These are all security issues fixed in the rsync-3.2.3-2.6 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11308
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rsync-3.2.3-2.6 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rsync-3.2.3-2.6 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11308",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11308-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4091 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6199 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16548 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5764 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14387 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14387/"
}
],
"title": "rsync-3.2.3-2.6 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11308-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.3-2.6.aarch64",
"product": {
"name": "rsync-3.2.3-2.6.aarch64",
"product_id": "rsync-3.2.3-2.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.3-2.6.ppc64le",
"product": {
"name": "rsync-3.2.3-2.6.ppc64le",
"product_id": "rsync-3.2.3-2.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.3-2.6.s390x",
"product": {
"name": "rsync-3.2.3-2.6.s390x",
"product_id": "rsync-3.2.3-2.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.3-2.6.x86_64",
"product": {
"name": "rsync-3.2.3-2.6.x86_64",
"product_id": "rsync-3.2.3-2.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.3-2.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64"
},
"product_reference": "rsync-3.2.3-2.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.3-2.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le"
},
"product_reference": "rsync-3.2.3-2.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.3-2.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x"
},
"product_reference": "rsync-3.2.3-2.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.3-2.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
},
"product_reference": "rsync-3.2.3-2.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-4091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4091"
}
],
"notes": [
{
"category": "general",
"text": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4091",
"url": "https://www.suse.com/security/cve/CVE-2007-4091"
},
{
"category": "external",
"summary": "SUSE Bug 279866 for CVE-2007-4091",
"url": "https://bugzilla.suse.com/279866"
},
{
"category": "external",
"summary": "SUSE Bug 294073 for CVE-2007-4091",
"url": "https://bugzilla.suse.com/294073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-4091"
},
{
"cve": "CVE-2007-6199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6199"
}
],
"notes": [
{
"category": "general",
"text": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6199",
"url": "https://www.suse.com/security/cve/CVE-2007-6199"
},
{
"category": "external",
"summary": "SUSE Bug 345507 for CVE-2007-6199",
"url": "https://bugzilla.suse.com/345507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-6199"
},
{
"cve": "CVE-2017-16548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16548"
}
],
"notes": [
{
"category": "general",
"text": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16548",
"url": "https://www.suse.com/security/cve/CVE-2017-16548"
},
{
"category": "external",
"summary": "SUSE Bug 1066644 for CVE-2017-16548",
"url": "https://bugzilla.suse.com/1066644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-16548"
},
{
"cve": "CVE-2018-5764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5764"
}
],
"notes": [
{
"category": "general",
"text": "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5764",
"url": "https://www.suse.com/security/cve/CVE-2018-5764"
},
{
"category": "external",
"summary": "SUSE Bug 1076503 for CVE-2018-5764",
"url": "https://bugzilla.suse.com/1076503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5764"
},
{
"cve": "CVE-2020-14387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14387"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14387",
"url": "https://www.suse.com/security/cve/CVE-2020-14387"
},
{
"category": "external",
"summary": "SUSE Bug 1176160 for CVE-2020-14387",
"url": "https://bugzilla.suse.com/1176160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
"openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14387"
}
]
}
cnvd-2017-36333
Vulnerability from cnvd
Title
rsync拒绝服务漏洞
Description
rsync是澳大利亚软件开发者安德鲁-垂鸠(Andrew Tridgell)和保罗-麦可拉斯(Paul Mackerras)共同研发的一套用于类Unix系统中的数据镜像备份应用程序,它能够同步更新两处计算机的文件与目录,并利用差分编码减少数据传输。
rsync 3.1.2版本和3.1.3-development版本中的xattrs.c文件的‘receive_xattr’函数存在安全漏洞。远程攻击者可通过向守护进程发送特制的数据利用该漏洞造成拒绝服务(堆缓冲区越边界读取和应用程序崩溃)。
Severity
高
VLAI Severity ?
Patch Name
rsync拒绝服务漏洞的补丁
Patch Description
rsync是澳大利亚软件开发者安德鲁-垂鸠(Andrew Tridgell)和保罗-麦可拉斯(Paul Mackerras)共同研发的一套用于类Unix系统中的数据镜像备份应用程序,它能够同步更新两处计算机的文件与目录,并利用差分编码减少数据传输。
rsync 3.1.2版本和3.1.3-development版本中的xattrs.c文件的‘receive_xattr’函数存在安全漏洞。远程攻击者可通过向守护进程发送特制的数据利用该漏洞造成拒绝服务(堆缓冲区越边界读取和应用程序崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://bugzilla.samba.org/show_bug.cgi?id=13112
Reference
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
Impacted products
| Name | ['Rsync rsync 3.1.2', 'Rsync rsync 3.1.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-16548"
}
},
"description": "rsync\u662f\u6fb3\u5927\u5229\u4e9a\u8f6f\u4ef6\u5f00\u53d1\u8005\u5b89\u5fb7\u9c81-\u5782\u9e20\uff08Andrew Tridgell\uff09\u548c\u4fdd\u7f57-\u9ea6\u53ef\u62c9\u65af\uff08Paul Mackerras\uff09\u5171\u540c\u7814\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u7c7bUnix\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u955c\u50cf\u5907\u4efd\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u80fd\u591f\u540c\u6b65\u66f4\u65b0\u4e24\u5904\u8ba1\u7b97\u673a\u7684\u6587\u4ef6\u4e0e\u76ee\u5f55\uff0c\u5e76\u5229\u7528\u5dee\u5206\u7f16\u7801\u51cf\u5c11\u6570\u636e\u4f20\u8f93\u3002\r\n\r\nrsync 3.1.2\u7248\u672c\u548c3.1.3-development\u7248\u672c\u4e2d\u7684xattrs.c\u6587\u4ef6\u7684\u2018receive_xattr\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5b88\u62a4\u8fdb\u7a0b\u53d1\u9001\u7279\u5236\u7684\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5806\u7f13\u51b2\u533a\u8d8a\u8fb9\u754c\u8bfb\u53d6\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
"discovererName": "jeriko.one",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bugzilla.samba.org/show_bug.cgi?id=13112",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-36333",
"openTime": "2017-12-06",
"patchDescription": "rsync\u662f\u6fb3\u5927\u5229\u4e9a\u8f6f\u4ef6\u5f00\u53d1\u8005\u5b89\u5fb7\u9c81-\u5782\u9e20\uff08Andrew Tridgell\uff09\u548c\u4fdd\u7f57-\u9ea6\u53ef\u62c9\u65af\uff08Paul Mackerras\uff09\u5171\u540c\u7814\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u7c7bUnix\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u955c\u50cf\u5907\u4efd\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u80fd\u591f\u540c\u6b65\u66f4\u65b0\u4e24\u5904\u8ba1\u7b97\u673a\u7684\u6587\u4ef6\u4e0e\u76ee\u5f55\uff0c\u5e76\u5229\u7528\u5dee\u5206\u7f16\u7801\u51cf\u5c11\u6570\u636e\u4f20\u8f93\u3002\r\n\r\nrsync 3.1.2\u7248\u672c\u548c3.1.3-development\u7248\u672c\u4e2d\u7684xattrs.c\u6587\u4ef6\u7684\u2018receive_xattr\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5b88\u62a4\u8fdb\u7a0b\u53d1\u9001\u7279\u5236\u7684\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5806\u7f13\u51b2\u533a\u8d8a\u8fb9\u754c\u8bfb\u53d6\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "rsync\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Rsync rsync 3.1.2",
"Rsync rsync 3.1.3"
]
},
"referenceLink": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1",
"serverity": "\u9ad8",
"submitTime": "2017-11-09",
"title": "rsync\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
ghsa-vp2c-23x9-j4wq
Vulnerability from github
Published
2022-05-13 01:27
Modified
2025-04-20 03:48
Severity ?
VLAI Severity ?
Details
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
{
"affected": [],
"aliases": [
"CVE-2017-16548"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-06T05:29:00Z",
"severity": "CRITICAL"
},
"details": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"id": "GHSA-vp2c-23x9-j4wq",
"modified": "2025-04-20T03:48:04Z",
"published": "2022-05-13T01:27:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16548"
},
{
"type": "WEB",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13112"
},
{
"type": "WEB",
"url": "https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"type": "WEB",
"url": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3543-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3543-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4068"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…