Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-17434 (GCVE-0-2017-17434)
Vulnerability from cvelistv5
Published
2017-12-06 03:00
Modified
2024-08-05 20:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"name": "DSA-4068",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"name": "DSA-4068",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9",
"refsource": "MISC",
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"name": "http://security.cucumberlinux.com/security/details.php?id=170",
"refsource": "CONFIRM",
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"name": "DSA-4068",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"name": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1",
"refsource": "MISC",
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17434",
"datePublished": "2017-12-06T03:00:00",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-08-05T20:51:31.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-17434\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-12-06T03:29:00.267\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \\\"xname follows\\\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.\"},{\"lang\":\"es\",\"value\":\"El demonio en rsync 3.1.2 y 3.1.3-development en versiones anteriores a la 2017-11-03 no busca nombres de archivo fnamecmp en la estructura de datos daemon_filter_list (en la funci\u00f3n recv_files en receiver.c) y tampoco aplica el mecanismo de protecci\u00f3n sanitize_paths a los nombres de ruta hallados en cadenas \\\"xname follows\\\" (en la funci\u00f3n read_ndx_and_attrs en rsync.c). Esto permite que atacantes remotos omitan las restricciones de acceso planeadas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1.2\",\"matchCriteriaId\":\"F490A8DC-BDAF-4AD0-95E3-F98D5BDA75B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://security.cucumberlinux.com/security/details.php?id=170\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2017/dsa-4068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.cucumberlinux.com/security/details.php?id=170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2017/dsa-4068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-mqj4-x9gm-m5r5
Vulnerability from github
Published
2022-05-13 01:44
Modified
2025-04-20 03:49
Severity ?
VLAI Severity ?
Details
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
{
"affected": [],
"aliases": [
"CVE-2017-17434"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-06T03:29:00Z",
"severity": "CRITICAL"
},
"details": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"id": "GHSA-mqj4-x9gm-m5r5",
"modified": "2025-04-20T03:49:30Z",
"published": "2022-05-13T01:44:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17434"
},
{
"type": "WEB",
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"
},
{
"type": "WEB",
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"type": "WEB",
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1"
},
{
"type": "WEB",
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"type": "WEB",
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cnvd-2018-00212
Vulnerability from cnvd
Title
rsync访问限制绕过漏洞(CNVD-2018-00212)
Description
rsync是澳大利亚软件开发者安德鲁-垂鸠(Andrew Tridgell)和保罗-麦可拉斯(Paul Mackerras)共同研发的一套用于类Unix系统中的数据镜像备份应用程序,它能够同步更新两处计算机的文件与目录,并利用差分编码减少数据传输。
rsync 2017-11-03之前的3.1.2和3.1.3-development版本中的守护进程存在安全漏洞,该漏洞源于程序未能检测daemon_filter_list数据结构中的fnamecmp文件名,并未对‘xname follows’字符串中的路径名实施sanitize_paths保护机制。远程攻击者可利用该漏洞绕过访问限制。
Severity
高
VLAI Severity ?
Patch Name
rsync访问限制绕过漏洞(CNVD-2018-00212)的补丁
Patch Description
rsync是澳大利亚软件开发者安德鲁-垂鸠(Andrew Tridgell)和保罗-麦可拉斯(Paul Mackerras)共同研发的一套用于类Unix系统中的数据镜像备份应用程序,它能够同步更新两处计算机的文件与目录,并利用差分编码减少数据传输。
rsync 2017-11-03之前的3.1.2和3.1.3-development版本中的守护进程存在安全漏洞,该漏洞源于程序未能检测daemon_filter_list数据结构中的fnamecmp文件名,并未对‘xname follows’字符串中的路径名实施sanitize_paths保护机制。远程攻击者可利用该漏洞绕过访问限制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1; https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-17434
https://www.debian.org/security/2017/dsa-4068
Impacted products
| Name | ['Rsync rsync 3.1.2', 'Rsync rsync 3.1.3-development (<2017-11-03)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-17434"
}
},
"description": "rsync\u662f\u6fb3\u5927\u5229\u4e9a\u8f6f\u4ef6\u5f00\u53d1\u8005\u5b89\u5fb7\u9c81-\u5782\u9e20\uff08Andrew Tridgell\uff09\u548c\u4fdd\u7f57-\u9ea6\u53ef\u62c9\u65af\uff08Paul Mackerras\uff09\u5171\u540c\u7814\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u7c7bUnix\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u955c\u50cf\u5907\u4efd\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u80fd\u591f\u540c\u6b65\u66f4\u65b0\u4e24\u5904\u8ba1\u7b97\u673a\u7684\u6587\u4ef6\u4e0e\u76ee\u5f55\uff0c\u5e76\u5229\u7528\u5dee\u5206\u7f16\u7801\u51cf\u5c11\u6570\u636e\u4f20\u8f93\u3002\r\n\r\nrsync 2017-11-03\u4e4b\u524d\u76843.1.2\u548c3.1.3-development\u7248\u672c\u4e2d\u7684\u5b88\u62a4\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u6d4bdaemon_filter_list\u6570\u636e\u7ed3\u6784\u4e2d\u7684fnamecmp\u6587\u4ef6\u540d\uff0c\u5e76\u672a\u5bf9\u2018xname follows\u2019\u5b57\u7b26\u4e32\u4e2d\u7684\u8def\u5f84\u540d\u5b9e\u65bdsanitize_paths\u4fdd\u62a4\u673a\u5236\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002",
"discovererName": "unknow",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1\uff1b\r\nhttps://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-00212",
"openTime": "2018-01-04",
"patchDescription": "rsync\u662f\u6fb3\u5927\u5229\u4e9a\u8f6f\u4ef6\u5f00\u53d1\u8005\u5b89\u5fb7\u9c81-\u5782\u9e20\uff08Andrew Tridgell\uff09\u548c\u4fdd\u7f57-\u9ea6\u53ef\u62c9\u65af\uff08Paul Mackerras\uff09\u5171\u540c\u7814\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u7c7bUnix\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u955c\u50cf\u5907\u4efd\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u80fd\u591f\u540c\u6b65\u66f4\u65b0\u4e24\u5904\u8ba1\u7b97\u673a\u7684\u6587\u4ef6\u4e0e\u76ee\u5f55\uff0c\u5e76\u5229\u7528\u5dee\u5206\u7f16\u7801\u51cf\u5c11\u6570\u636e\u4f20\u8f93\u3002\r\n\r\nrsync 2017-11-03\u4e4b\u524d\u76843.1.2\u548c3.1.3-development\u7248\u672c\u4e2d\u7684\u5b88\u62a4\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u6d4bdaemon_filter_list\u6570\u636e\u7ed3\u6784\u4e2d\u7684fnamecmp\u6587\u4ef6\u540d\uff0c\u5e76\u672a\u5bf9\u2018xname follows\u2019\u5b57\u7b26\u4e32\u4e2d\u7684\u8def\u5f84\u540d\u5b9e\u65bdsanitize_paths\u4fdd\u62a4\u673a\u5236\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "rsync\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2018-00212\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Rsync rsync 3.1.2",
"Rsync rsync 3.1.3-development (\u003c2017-11-03)"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-17434\r\nhttps://www.debian.org/security/2017/dsa-4068",
"serverity": "\u9ad8",
"submitTime": "2017-12-06",
"title": "rsync\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2018-00212\uff09"
}
suse-su-2018:0117-1
Vulnerability from csaf_suse
Published
2018-01-17 07:32
Modified
2018-01-17 07:32
Summary
Security update for rsync
Notes
Title of the patch
Security update for rsync
Description of the patch
This update for rsync fixes the following issues:
Security issues fixed:
- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in
the daemon_filter_list data structure (in the recv_files function in
receiver.c) and also did not apply the sanitize_paths protection mechanism to
pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function
in rsync.c), which allowed remote attackers to bypass intended access
restrictions' (bsc#1071460).
- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,
proceeded with certain file metadata updates before checking for a filename in
the daemon_filter_list data structure, which allowed remote attackers to bypass
intended access restrictions (bsc#1071459).
- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check
for a trailing '\\0' character in an xattr name, which allowed remote attackers
to cause a denial of service (heap-based buffer over-read and application
crash) or possibly have unspecified other impact by sending crafted data to the
daemon (bsc#1066644).
Patchnames
slessp4-rsync-13416
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rsync",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rsync fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in\n the daemon_filter_list data structure (in the recv_files function in\n receiver.c) and also did not apply the sanitize_paths protection mechanism to\n pathnames found in \u0027xname follows\u0027 strings (in the read_ndx_and_attrs function\n in rsync.c), which allowed remote attackers to bypass intended access\n restrictions\u0027 (bsc#1071460).\n- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,\n proceeded with certain file metadata updates before checking for a filename in\n the daemon_filter_list data structure, which allowed remote attackers to bypass\n intended access restrictions (bsc#1071459).\n- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check\n for a trailing \u0027\\\\0\u0027 character in an xattr name, which allowed remote attackers\n to cause a denial of service (heap-based buffer over-read and application\n crash) or possibly have unspecified other impact by sending crafted data to the\n daemon (bsc#1066644).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-rsync-13416",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0117-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0117-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180117-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0117-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-January/003603.html"
},
{
"category": "self",
"summary": "SUSE Bug 1066644",
"url": "https://bugzilla.suse.com/1066644"
},
{
"category": "self",
"summary": "SUSE Bug 1071459",
"url": "https://bugzilla.suse.com/1071459"
},
{
"category": "self",
"summary": "SUSE Bug 1071460",
"url": "https://bugzilla.suse.com/1071460"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16548 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17433 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17434 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17434/"
}
],
"title": "Security update for rsync",
"tracking": {
"current_release_date": "2018-01-17T07:32:49Z",
"generator": {
"date": "2018-01-17T07:32:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0117-1",
"initial_release_date": "2018-01-17T07:32:49Z",
"revision_history": [
{
"date": "2018-01-17T07:32:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.i586",
"product": {
"name": "rsync-3.0.4-2.53.3.1.i586",
"product_id": "rsync-3.0.4-2.53.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.ia64",
"product": {
"name": "rsync-3.0.4-2.53.3.1.ia64",
"product_id": "rsync-3.0.4-2.53.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.ppc64",
"product": {
"name": "rsync-3.0.4-2.53.3.1.ppc64",
"product_id": "rsync-3.0.4-2.53.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.s390x",
"product": {
"name": "rsync-3.0.4-2.53.3.1.s390x",
"product_id": "rsync-3.0.4-2.53.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.0.4-2.53.3.1.x86_64",
"product": {
"name": "rsync-3.0.4-2.53.3.1.x86_64",
"product_id": "rsync-3.0.4-2.53.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586"
},
"product_reference": "rsync-3.0.4-2.53.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x"
},
"product_reference": "rsync-3.0.4-2.53.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586"
},
"product_reference": "rsync-3.0.4-2.53.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x"
},
"product_reference": "rsync-3.0.4-2.53.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.0.4-2.53.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
},
"product_reference": "rsync-3.0.4-2.53.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16548"
}
],
"notes": [
{
"category": "general",
"text": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16548",
"url": "https://www.suse.com/security/cve/CVE-2017-16548"
},
{
"category": "external",
"summary": "SUSE Bug 1066644 for CVE-2017-16548",
"url": "https://bugzilla.suse.com/1066644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:32:49Z",
"details": "low"
}
],
"title": "CVE-2017-16548"
},
{
"cve": "CVE-2017-17433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17433"
}
],
"notes": [
{
"category": "general",
"text": "The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17433",
"url": "https://www.suse.com/security/cve/CVE-2017-17433"
},
{
"category": "external",
"summary": "SUSE Bug 1071459 for CVE-2017-17433",
"url": "https://bugzilla.suse.com/1071459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:32:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-17433"
},
{
"cve": "CVE-2017-17434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17434"
}
],
"notes": [
{
"category": "general",
"text": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17434",
"url": "https://www.suse.com/security/cve/CVE-2017-17434"
},
{
"category": "external",
"summary": "SUSE Bug 1071460 for CVE-2017-17434",
"url": "https://bugzilla.suse.com/1071460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:rsync-3.0.4-2.53.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:rsync-3.0.4-2.53.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:32:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-17434"
}
]
}
suse-su-2018:0118-1
Vulnerability from csaf_suse
Published
2018-01-17 07:31
Modified
2018-01-17 07:31
Summary
Security update for rsync
Notes
Title of the patch
Security update for rsync
Description of the patch
This update for rsync fixes several issues.
These security issues were fixed:
- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in
the daemon_filter_list data structure (in the recv_files function in
receiver.c) and also did not apply the sanitize_paths protection mechanism to
pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function
in rsync.c), which allowed remote attackers to bypass intended access
restrictions' (bsc#1071460).
- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,
proceeded with certain file metadata updates before checking for a filename in
the daemon_filter_list data structure, which allowed remote attackers to bypass
intended access restrictions (bsc#1071459).
- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check
for a trailing '\\0' character in an xattr name, which allowed remote attackers
to cause a denial of service (heap-based buffer over-read and application
crash) or possibly have unspecified other impact by sending crafted data to the
daemon (bsc#1066644).
This non-security issue was fixed:
- Stop file upload after errors like a full disk (bsc#1062063)
- Ensure -X flag works even when setting owner/group (bsc#1028842)
Patchnames
SUSE-CAASP-ALL-2018-84,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-84,SUSE-SLE-DESKTOP-12-SP2-2018-84,SUSE-SLE-DESKTOP-12-SP3-2018-84,SUSE-SLE-RPI-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP3-2018-84
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rsync",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rsync fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in\n the daemon_filter_list data structure (in the recv_files function in\n receiver.c) and also did not apply the sanitize_paths protection mechanism to\n pathnames found in \u0027xname follows\u0027 strings (in the read_ndx_and_attrs function\n in rsync.c), which allowed remote attackers to bypass intended access\n restrictions\u0027 (bsc#1071460).\n- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync,\n proceeded with certain file metadata updates before checking for a filename in\n the daemon_filter_list data structure, which allowed remote attackers to bypass\n intended access restrictions (bsc#1071459).\n- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check\n for a trailing \u0027\\\\0\u0027 character in an xattr name, which allowed remote attackers\n to cause a denial of service (heap-based buffer over-read and application\n crash) or possibly have unspecified other impact by sending crafted data to the\n daemon (bsc#1066644).\n\nThis non-security issue was fixed:\n\n- Stop file upload after errors like a full disk (bsc#1062063)\n- Ensure -X flag works even when setting owner/group (bsc#1028842)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-CAASP-ALL-2018-84,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-84,SUSE-SLE-DESKTOP-12-SP2-2018-84,SUSE-SLE-DESKTOP-12-SP3-2018-84,SUSE-SLE-RPI-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP2-2018-84,SUSE-SLE-SERVER-12-SP3-2018-84",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0118-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0118-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180118-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0118-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-January/003604.html"
},
{
"category": "self",
"summary": "SUSE Bug 1028842",
"url": "https://bugzilla.suse.com/1028842"
},
{
"category": "self",
"summary": "SUSE Bug 1062063",
"url": "https://bugzilla.suse.com/1062063"
},
{
"category": "self",
"summary": "SUSE Bug 1066644",
"url": "https://bugzilla.suse.com/1066644"
},
{
"category": "self",
"summary": "SUSE Bug 1071459",
"url": "https://bugzilla.suse.com/1071459"
},
{
"category": "self",
"summary": "SUSE Bug 1071460",
"url": "https://bugzilla.suse.com/1071460"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16548 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17433 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17434 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17434/"
}
],
"title": "Security update for rsync",
"tracking": {
"current_release_date": "2018-01-17T07:31:45Z",
"generator": {
"date": "2018-01-17T07:31:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0118-1",
"initial_release_date": "2018-01-17T07:31:45Z",
"revision_history": [
{
"date": "2018-01-17T07:31:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.aarch64",
"product": {
"name": "rsync-3.1.0-13.7.1.aarch64",
"product_id": "rsync-3.1.0-13.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.ppc64le",
"product": {
"name": "rsync-3.1.0-13.7.1.ppc64le",
"product_id": "rsync-3.1.0-13.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.s390x",
"product": {
"name": "rsync-3.1.0-13.7.1.s390x",
"product_id": "rsync-3.1.0-13.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.1.0-13.7.1.x86_64",
"product": {
"name": "rsync-3.1.0-13.7.1.x86_64",
"product_id": "rsync-3.1.0-13.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64"
},
"product_reference": "rsync-3.1.0-13.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le"
},
"product_reference": "rsync-3.1.0-13.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x"
},
"product_reference": "rsync-3.1.0-13.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.1.0-13.7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
},
"product_reference": "rsync-3.1.0-13.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16548"
}
],
"notes": [
{
"category": "general",
"text": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16548",
"url": "https://www.suse.com/security/cve/CVE-2017-16548"
},
{
"category": "external",
"summary": "SUSE Bug 1066644 for CVE-2017-16548",
"url": "https://bugzilla.suse.com/1066644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:31:45Z",
"details": "low"
}
],
"title": "CVE-2017-16548"
},
{
"cve": "CVE-2017-17433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17433"
}
],
"notes": [
{
"category": "general",
"text": "The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17433",
"url": "https://www.suse.com/security/cve/CVE-2017-17433"
},
{
"category": "external",
"summary": "SUSE Bug 1071459 for CVE-2017-17433",
"url": "https://bugzilla.suse.com/1071459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:31:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-17433"
},
{
"cve": "CVE-2017-17434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17434"
}
],
"notes": [
{
"category": "general",
"text": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17434",
"url": "https://www.suse.com/security/cve/CVE-2017-17434"
},
{
"category": "external",
"summary": "SUSE Bug 1071460 for CVE-2017-17434",
"url": "https://bugzilla.suse.com/1071460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:rsync-3.1.0-13.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsync-3.1.0-13.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-01-17T07:31:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-17434"
}
]
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
}
],
"initial_release_date": "2022-07-15T00:00:00",
"last_revision_date": "2022-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
fkie_cve-2017-17434
Vulnerability from fkie_nvd
Published
2017-12-06 03:29
Modified
2025-04-20 01:37
Severity ?
Summary
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://security.cucumberlinux.com/security/details.php?id=170 | Third Party Advisory | |
| cve@mitre.org | https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1 | ||
| cve@mitre.org | https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9 | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html | ||
| cve@mitre.org | https://www.debian.org/security/2017/dsa-4068 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.cucumberlinux.com/security/details.php?id=170 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4068 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samba | rsync | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F490A8DC-BDAF-4AD0-95E3-F98D5BDA75B9",
"versionEndIncluding": "3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "El demonio en rsync 3.1.2 y 3.1.3-development en versiones anteriores a la 2017-11-03 no busca nombres de archivo fnamecmp en la estructura de datos daemon_filter_list (en la funci\u00f3n recv_files en receiver.c) y tampoco aplica el mecanismo de protecci\u00f3n sanitize_paths a los nombres de ruta hallados en cadenas \"xname follows\" (en la funci\u00f3n read_ndx_and_attrs en rsync.c). Esto permite que atacantes remotos omitan las restricciones de acceso planeadas."
}
],
"id": "CVE-2017-17434",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-06T03:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"source": "cve@mitre.org",
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"
},
{
"source": "cve@mitre.org",
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2017-17434
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-17434",
"description": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"id": "GSD-2017-17434",
"references": [
"https://www.suse.com/security/cve/CVE-2017-17434.html",
"https://www.debian.org/security/2017/dsa-4068",
"https://ubuntu.com/security/CVE-2017-17434",
"https://advisories.mageia.org/CVE-2017-17434.html",
"https://security.archlinux.org/CVE-2017-17434"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-17434"
],
"details": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",
"id": "GSD-2017-17434",
"modified": "2023-12-13T01:21:04.885602Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9",
"refsource": "MISC",
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"name": "http://security.cucumberlinux.com/security/details.php?id=170",
"refsource": "CONFIRM",
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"name": "DSA-4068",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
},
{
"name": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1",
"refsource": "MISC",
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17434"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"
},
{
"name": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1"
},
{
"name": "http://security.cucumberlinux.com/security/details.php?id=170",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://security.cucumberlinux.com/security/details.php?id=170"
},
{
"name": "DSA-4068",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4068"
},
{
"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-12-06T03:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…